{ "Name": "Red Hat Jboss Application Server CVE-2017-7504 Remote Code Execution Vulnerability", "Description": "HTTPServerILServlet.java in the JMS over HTTP Invocation Layer of the JBossMQ implementation, which is enabled by default in Red Hat JBoss Application Server \u003c= JBoss 4.X, does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.", "Product": "", "Homepage": "", "DisclosureDate": "2017-05-19", "Author": "gp827782797@qq.com", "FofaQuery": "product=\"Jboss\" || app=\"RedHat-JBoss\"", "GobyQuery": "product=\"Jboss\" || app=\"RedHat-JBoss\"", "Level": "3", "Impact": "Affects JBoss AS 4.x and earlier. In these versions, HTTPServerILServlet.java in the JMS over HTTP Invocation Layer of the JBossMQ implementation has a deserialization vulnerability, which a remote attacker can exploit to execute arbitrary code with custom serialized data.", "Recommendation": "", "References": null, "RealReferences": [ "http://www.securityfocus.com/bid/98595", "https://bugzilla.redhat.com/show_bug.cgi?id=1451441", "https://nvd.nist.gov/vuln/detail/CVE-2017-7504", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7504" ], "HasExp": true, "ExpParams": [ { "Name": "AttackType", "Type": "select", "Value": "goby_shell_linux,base64_cmd,cmd" }, { "Name": "base64_cmd", "Type": "input", "show": "AttackType=linux_cmd", "Value": "id" }, { "Name": "cmd", "Type": "input", "show": "", "Value": "print xxx" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "data": "", "data_type": "text", "follow_redirect": true, "method": "GET", "uri": "/" }, "ResponseTest": { "checks": [ { "bz": "", "operation": "==", "type": "item", "value": "200", "variable": "$code" } ], "operation": "AND", "type": "group" } } ], "ExploitSteps": null, "Tags": null, "CVEIDs": [ "CVE-2017-7504" ], "CVSSScore": "9.8", "AttackSurfaces": { "Application": null, 
"Support": null, "Service": ["Jboss"], "System": null, "Hardware": null }, "Disable": false }