CVE-2011-2894

Spring Framework 3.0.0-3.0.5 & Spring Security 2.0.0-2.0.6, 3.0.0-3.0.5 - RCE via Untrusted Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2894. PoCs published by pwntester.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2011-2894, a Spring Framework deserialization vulnerability. It leverages Java serialization and Spring's bean factory manipulation to achieve remote code execution by crafting a malicious serialized object.

Description

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

Exploits (1)

nomisec WORKING POC 44 stars

by pwntester · poc

https://github.com/pwntester/SpringBreaker

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2011-2894, a Spring Framework deserialization vulnerability. It leverages Java serialization and Spring's bean factory manipulation to achieve remote code execution by crafting a malicious serialized object.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Complex

Reliability

Reliable

Target: Spring Framework (versions affected by CVE-2011-2894)

No auth needed

Prerequisites: Java environment · Spring Framework vulnerable to CVE-2011-2894 · Ability to send serialized objects to the target

MITRE ATT&CK