CVE-2015-6420 PoC — 多款Cisco产品Apache Commons Collections库任意代码执行漏洞

Source

https://github.com/Leeziao/CVE-2015-6420

Associated Vulnerability

Title:多款Cisco产品Apache Commons Collections库任意代码执行漏洞 (CVE-2015-6420)
Description:Apache Commons Collections（ACC）是美国阿帕奇（Apache）软件基金会的一个Apache Commons项目的Commons Proper（可重复利用Java组件库）中的组件，它可以扩展或增加Java集合框架。多款Cisco产品的ACC库中使用的Java反序列化过程中存在安全漏洞。远程攻击者可通过提交特制的输入利用该漏洞执行任意代码。以下产品及版本受到影响：Cisco Digital Life RMS 1.8.1.1版本，Broadband Access Center Te

Readme

# CVE-2015-6420

![漏洞触发路径](CVE-2015-6420.png)

- 反序列化漏洞

## 参考

-  [Java反序列化漏洞-CC 利用链分析](https://blog.csdn.net/weixin_49125123/article/details/135040071)

File Snapshot


 [4.0K]  /data/pocs/8276cdedaaa4279fd0f465964e6136b5e6f9c03a
├── [6.0K]  CVE-2015-6420.drawio
├── [ 51K]  CVE-2015-6420.png
├── [ 218]  exp.py
├── [ 880]  pom.xml
├── [ 203]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  org
                └── [4.0K]  example
                    └── [6.3K]  Main.java

5 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!