Lucene search
K

7 matches found

Nuclei
Nuclei
added yesterday16 views

Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.8CVSS7AI score0.35564EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.10 views

CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.8CVSS6.7AI score0.35564EPSS
Exploits2References1
Circl
Circl
added 2020/04/02 2:28 a.m.9 views

CVE-2019-17564

creationtimestamp| type| source ---|---|--- 2020-04-02 02:28:19+00:00| seen| https://t.me/cibsecurity/10921 2021-08-02 20:29:04+00:00| published-proof-of-concept| Telegram/Tvd8QL4SENBdyhrOX8ClGh5gThmxL9slOp2aXg1VdaPgg 2023-11-24 22:14:24+00:00| seen| https://t.me/arpsyndicate/546 2023-12-18...

9.8CVSS8.7AI score0.35564EPSS
Exploits2References6
NVD
NVD
added 2020/04/01 10:15 p.m.19 views

CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.8CVSS9.4AI score0.35564EPSS
Exploits2References2
Cvelist
Cvelist
added 2020/04/01 9:17 p.m.25 views

CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.4AI score0.35564EPSS
Exploits2References2
CVE
CVE
added 2020/04/01 9:17 p.m.104 views

CVE-2019-17564

CVE-2019-17564 is an unsafe deserialization vulnerability in Apache Dubbo when HTTP remoting is enabled. An attacker can send a POST with a Java object to fully compromise a Dubbo Provider instance. Affected versions include 2.7.0–2.7.4, 2.6.0–2.6.7, and all 2.5.x. The exploitation leads to remot...

9.8CVSS9.2AI score0.35564EPSS
Exploits2References2Affected Software1
GithubExploit
GithubExploit
added 2020/02/20 8:28 a.m.71 views

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2019-17564 FastJson + SpringFramework Gadget for Dubbo 2.7...

9.8CVSS9.3AI score0.35564EPSS
Exploits2
Rows per page
Query Builder