CVE-2016-1000027

This repository contains a functional PoC for CVE-2016-1000027, demonstrating a deserialization vulnerability in Spring Framework's HttpInvokerServiceExporter. The exploit sends a malicious serialized payload to trigger remote code execution.

This repository contains a functional exploit PoC for CVE-2016-1000027, demonstrating a deserialization vulnerability in Spring's HTTP Invoker. The exploit sends a crafted serialized payload to trigger remote code execution.

This repository provides a technical writeup and mitigated version of Spring Web to address CVE-2016-1000027, a remote code execution vulnerability in Java deserialization. It discusses the removal of the vulnerable `handleRequest` functionality in `HttpInvokerServiceExporter` and provides context for organizations constrained to OpenJDK 8.

This repository contains a functional exploit PoC for CVE-2016-1000027, demonstrating a deserialization vulnerability in Spring's HttpInvokerServiceExporter. The exploit includes an attack script that sends a crafted serialized payload to a vulnerable endpoint, along with a vulnerable Spring application setup for testing.

The repository contains only a GitLab CI configuration and a README referencing CVE-2016-1000027 without any exploit code or technical details. It appears to be a placeholder or incomplete project.

This repository provides a technical solution to mitigate CVE-2016-1000027 by removing the vulnerable `org.springframework.remoting` package from Spring Web 5.x. It references the GitHub advisory and issue for further context.