WebLogic WLS Deserialization RCE : CVE-2017-10271

In October 2017 a Java deserialization vulnerability was disclosed to Oracle. The vulnerability was assigned CVE-2017-10271. Oracle addressed the issue by releasing patches in October. Upon successful exploitation an attacker can achieve remote code execution without authentication. An attacker sends a custom XML request to the CoordinatorPortType web service, and this causes …

Apache Solr Remote Execution Zero-Day Vulnerability : CVE-2017-12629

Introduction: Two critical vulnerabilities have been reported in the Apache Solr distributions. These vulnerabilities were found in the latest distribution of Apache Solr. One is an XML External Entity (XXE) processing flaw, and the other allows remote code execution through one of the publicly exposed APIs. It has been assigned CVE-2017-12629. The two vulnerabilities could …