3 matches found
GHSA-C459-2M73-67HJ SOFA Hessian Remote Command Execution (RCE) Vulnerability
Impact SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on...
PT-2024-32317
Name of the Vulnerable Software and Affected Versions sofahessian versions prior to 3.5.5 Description The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. However, there is a gadget chain that can bypass the SOF...
PT-2022-27840
Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 3.5.5 Apache CXF versions prior to 3.4.10 Description A Server-Side Request Forgery SSRF issue exists in the parsing of the href attribute of XOP:Include in MTOM requests. This allows an attacker to perform SSRF...