Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasVREALIZE_VCOFACTORY_DESERIALIZE
HistoryDec 21, 2015 - 3:59 a.m.

Immunity Canvas: VREALIZE_VCOFACTORY_DESERIALIZE

2015-12-2103:59:00
Immunity Canvas
exploitlist.immunityinc.com
524

EPSS

0.003

Percentile

69.2%

JSON
Name vrealize_vcofactory_deserialize
CVE CVE-2015-6934 Exploit Pack
VENDOR: VMWare
NOTES:
IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK.

VMWare VRealize has a remoting interface named vcofactory. It communicates with a client by exchanging
serialized Java objects.

Apache Commons pre-3.2 allows users to serialize
transformers on collection values. Of importance to us is the InvokerTransfomer, which is capable
of invoking Java methods. We are able to run these transformers by adding them to an
annotation map whose members are acccessed. The right chain of method invocations leads to arbitrary
code execution.

Tested targets:
> vRealize 6.0.1.2490144
- Windows 8.1 Pro x86_64 EN / Java 6u45 - SUCCESS
- Windows 8.1 Pro x86_64 EN / Java 7u80 - SUCCESS
- Windows 8.1 Pro x86_64 EN / Java 8u73 - SUCCESS

> vCenter Orchestrator Appliance
- Appliance’s VMDK is corrupted

> vRealize Operations Manager Appliance 6.2.0.3
- Publically accessible interfaces require client certificate authentication. A CA-signed client certificate is necessary to connect.

Repeatability: Infinite
References: [‘https://www.vmware.com/security/advisories/VMSA-2015-0009’]
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6934

Related

vmware 2
prion 1
openvas 2
nessus 2
nvd 1
cve 1
cvelist 1
impervablog 1
vmware
vmware
VMware vCenter Server updates address an important reflected cross-site scripting issue
2015-12-18 00:00:00
VMware product updates address a critical deserialization vulnerability
2015-12-18 00:00:00
prion
prion
Design/Logic Flaw
2015-12-21 03:59:00
openvas
openvas
VMware vRealize Operations RCE Vulnerability (VMSA-2015-0009)
2017-04-21 00:00:00
VMware vRealize Orchestrator RCE Vulnerability (VMSA-2015-0009)
2017-04-20 00:00:00
nessus
nessus
VMware vCenter / vRealize Orchestrator Appliance 4.2.x / 5.x / 6.x Java Object Deserialization RCE (VMSA-2015-0009)
2016-01-06 00:00:00
VMware vCenter / vRealize Orchestrator 4.2.x / 5.x / 6.x Java Object Deserialization RCE (VMSA-2015-0009)
2016-01-06 00:00:00
nvd
nvd
CVE-2015-6934
2015-12-21 03:59:00
cve
cve
CVE-2015-6934
2015-12-21 03:59:00
cvelist
cvelist
CVE-2015-6934
2015-12-21 02:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08

EPSS

0.003

Percentile

69.2%

JSON
Related for VREALIZE_VCOFACTORY_DESERIALIZE
vmware2prion1openvas2nessus2nvd1cve1cvelist1impervablog1