CVE-2015-8103

CRITICAL LAB

Jenkins CLI RMI Java Deserialization Vulnerability

Title source: metasploit

Exploitation Summary

EIP tracks 6 public exploits for CVE-2015-8103. PoCs published by Metasploit, r00t4dm, cved-sources, including Metasploit module auxiliary/scanner/http/jenkins_command.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2015-8103, an unsafe Java deserialization vulnerability in Jenkins, allowing unauthenticated remote code execution by sending a malicious serialized payload to the Jenkins CLI port.

Description

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · java
https://www.exploit-db.com/exploits/38983

This Metasploit module exploits CVE-2015-8103, an unsafe Java deserialization vulnerability in Jenkins, allowing unauthenticated remote code execution by sending a malicious serialized payload to the Jenkins CLI port.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Jenkins 1.637 and earlier
No auth needed
Prerequisites: Network access to Jenkins CLI port · Jenkins version <= 1.637
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by r00t4dm · poc
https://github.com/r00t4dm/Jenkins-CVE-2015-8103

The repository contains only JavaScript library files and a minimal README with no exploit code or technical details about CVE-2015-8103. It appears to be a placeholder or incomplete project.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Jenkins
No auth needed
devstral-2 · analyzed Feb 18, 2026

nomisec STUB
by cved-sources · poc
https://github.com/cved-sources/cve-2015-8103

The repository contains only a Dockerfile and a README with no actual exploit code. It references a vulnerable JBoss AS6 container but does not include a functional PoC or technical details.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: JBoss AS6
No auth needed
Prerequisites: Docker environment
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC
by altonjx, Jeffrey Cap · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jenkins_command.rb

This Metasploit module exploits an unauthenticated Jenkins-CI script console to execute arbitrary commands. It fingerprints the OS, handles CSRF tokens, and executes the specified command via the Jenkins script console.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Jenkins-CI (versions affected by CVE-2015-8103)
No auth needed
Prerequisites: Access to the Jenkins script console endpoint · Unauthenticated access or misconfigured permissions
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/opennms_java_serialize.rb

This Metasploit module exploits a Java object deserialization vulnerability in OpenNMS, allowing unauthenticated remote code execution via crafted RMI requests. The exploit generates a serialized payload to trigger arbitrary command execution on the target system.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenNMS (versions affected by CVE-2015-8103)
No auth needed
Prerequisites: Network access to OpenNMS RMI service (default port 1099) · Vulnerable OpenNMS version
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Christopher Frohoff, Steve Breen, Dev Mohanty, Louis Sato, wvu, juan vazquez, Wei Chen · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/jenkins_java_deserialize.rb

This Metasploit module exploits CVE-2015-8103, a Java deserialization vulnerability in Jenkins, allowing unauthenticated remote code execution. It leverages ysoserial payloads to craft malicious serialized objects sent via the Jenkins CLI RMI interface.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Jenkins 1.637 and earlier
No auth needed
Prerequisites: Network access to Jenkins CLI port · Jenkins version <= 1.637
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html · Exploit, Third Party Advisory, VDB Entry (x_refsource_misc)
http://www.openwall.com/lists/oss-security/2015/11/18/13 · Mailing List (mailing-list, x_refsource_mlist)
http://rhn.redhat.com/errata/RHSA-2016-0489.html · Third Party Advisory (vendor-advisory, x_refsource_redhat)
http://www.securityfocus.com/bid/77636 · Broken Link (vdb-entry, x_refsource_bid)
http://www.openwall.com/lists/oss-security/2015/11/18/11 · Mailing List (mailing-list, x_refsource_mlist)
https://access.redhat.com/errata/RHSA-2016:0070 · Third Party Advisory (vendor-advisory, x_refsource_redhat)
https://www.exploit-db.com/exploits/38983/ · Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db)
http://www.openwall.com/lists/oss-security/2015/11/09/5 · Mailing List (mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2015/11/18/2 · Mailing List (mailing-list, x_refsource_mlist)

Scores

CVSS v3: 9.8
EPSS: 0.8633
EPSS Percentile: 99.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

Community Lab
docker pull medicean/vulapps:base_jboss_as6

Details

CWE: CWE-502
Status: published
Products (5)
jenkins/jenkins < 1.625.2
jenkins/jenkins < 1.638
org.jenkins-ci.main/cli 0 - 1.625.2 (Maven)
redhat/openshift_container_platform 2.2
redhat/openshift_container_platform 3.1
Published: Nov 25, 2015
Tracked Since: Feb 18, 2026