https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-12149.yaml

标题： Red Hat JBoss Enterprise Application Platform Jboss Application Server 安全漏洞 (CVE-2017-12149)
描述：Red Hat JBoss Enterprise Application Platform（EAP）是美国红帽（Red Hat）公司的一套开源、基于J2EE的中间件平台。该平台主要用于构建、部署和托管Java应用程序与服务。Jboss Application Server是其中的一款基于JavaEE的开源的应用服务器。 Red Hat Jboss EAP 5.0版本中附带的Jboss Application Server存在远程代码执行漏洞。远程攻击者可借助特制的序列化数据利用该漏洞在受影响应用程序上下文

Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2 is susceptible to a remote code execution vulnerability because  the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code via crafted serialized data.

 id: CVE-2017-12149

info:
  name: Jboss Application Server - Remote Code Execution
  author: fopina,

...