Skip to content

CVE-2023-51518: Preauthenticated Java Deserialization via JMX in Apache James

Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2023-51518

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2023-51518: Preauthenticated Java Deserialization via JMX in Apache James

Apache James distribution prior to release 3.7.5 and 3.8.1 allow privilege escalation via JMX pre-authentication deserialization. Given a deserialization gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation.

Note: For Apache James servers running using Java versions <16, the ysoserial "CommonsBeanutils1" gadget can be used to execute arbitrary system commands. For Java versions >=16, an alternative vector needs to be identified as explained in this article.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2023-51518: Preauthenticated Java Deserialization via JMX in Apache James

Topics

Resources

Stars

Watchers

Forks