CVE-2016-1000027 PoC — Vmware Spring Framework 代码问题漏洞

Source

https://github.com/yihtserns/spring-web-without-remoting

Associated Vulnerability

Title:Vmware Spring Framework 代码问题漏洞 (CVE-2016-1000027)
Description:Vmware Spring Framework是美国威睿（Vmware）公司的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Pivotal Software Spring Framework 4.1.4版本中存在安全漏洞。攻击者可利用该漏洞执行代码。

Description

Spring Web 5.x with `org.springframework.remoting` package removed, to fix CVE-2016-1000027.

Readme

# spring-web-without-remoting
Spring Web 5.x with `org.springframework.remoting` package removed, to fix <a href="https://github.com/advisories/GHSA-4wrc-f8pq-fpqp">CVE-2016-1000027</a>.

For more info, see <a href="https://github.com/spring-projects/spring-framework/issues/24434">spring-projects/spring-framework #24434</a>.

File Snapshot


 [4.0K]  /data/pocs/935d5b2233d5c10309345da23c469055e9fc2c54
├── [ 11K]  LICENSE
├── [9.6K]  mvnw
├── [6.5K]  mvnw.cmd
├── [9.2K]  pom.xml
└── [ 327]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!