7 matches found
Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...
CVE-2019-17564
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...
CVE-2019-17564
creationtimestamp| type| source ---|---|--- 2020-04-02 02:28:19+00:00| seen| https://t.me/cibsecurity/10921 2021-08-02 20:29:04+00:00| published-proof-of-concept| Telegram/Tvd8QL4SENBdyhrOX8ClGh5gThmxL9slOp2aXg1VdaPgg 2023-11-24 22:14:24+00:00| seen| https://t.me/arpsyndicate/546 2023-12-18...
CVE-2019-17564
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...
CVE-2019-17564
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...
CVE-2019-17564
CVE-2019-17564 is an unsafe deserialization vulnerability in Apache Dubbo when HTTP remoting is enabled. An attacker can send a POST with a Java object to fully compromise a Dubbo Provider instance. Affected versions include 2.7.0–2.7.4, 2.6.0–2.6.7, and all 2.5.x. The exploitation leads to remot...
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2019-17564 FastJson + SpringFramework Gadget for Dubbo 2.7...