4 matches found
CVE-2017-12628
creationtimestamp| type| source ---|---|--- 2024-01-06 21:48:33+00:00| seen| https://t.me/arpsyndicate/2577...
Apache James Deserialization RCE(CVE-2017-12628)
Analysis of CVE-2017-12628 This morning I spotted a tweet mentioning an “Apache James 3.0.1 JMX Server Deserialization” vulnerability, CVE-2017-12628, which caught my eye because I wrote a generic JMX deserialization exploit which is included in my RMI attack tool BaRMIe. A quick search for more...
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...
CVE-2017-12628
CVE-2017-12628 : The JMX server embedded in Apache James is vulnerable to a Java deserialization issue in its JMX handling, enabling arbitrary command execution. The description notes this is limited to local escalation since JMX is bound to localhost by default, with the vendor upgrade to a fixe...