logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2019-17564

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2019-17564

Description:
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
Last updated date:
03/30/2021

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
05/17/2024
Reference url to background

https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf

Type:
exploit
Confidence:
HIGH
Date of publishing:
02/13/2020
Reference url to background

https://github.com/Jaky5155/CVE-2019-17564

Type:
exploit
Confidence:
HIGH
Date of publishing:
02/20/2020
Reference url to background

https://github.com/Dor-Tumarkin/CVE-2019-17564-FastJson-Gadget

Type:
exploit
Confidence:
HIGH
Date of publishing:
02/24/2020
Reference url to background

https://github.com/fairyming/CVE-2019-17564

Type:
exploit
Confidence:
HIGH
Date of publishing:
06/26/2020
Reference url to background

https://mp.weixin.qq.com/s/reQaUVCa6RNG9tG_IZ_UjA

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy