CVE-2016-5983

HIGH

IBM WebSphere Application Server (WAS) <9.0.0.2 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5983. PoCs published by BitWrecker.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2016-5983, a deserialization vulnerability in IBM WebSphere. It explains the root cause, affected versions, and includes references to payloads for DoS attacks but does not contain functional exploit code.

Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

Exploits (1)

nomisec WRITEUP 1 stars
by BitWrecker · poc
https://github.com/BitWrecker/CVE-2016-5983


Classification: Writeup 95%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Theoretical
Target: IBM WebSphere 7, 8, 8.5, 9
No auth needed
Prerequisites: Custom form authentication enabled · Invalid LtpaToken2 session cookie
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://www-01.ibm.com/support/docview.wss?uid=swg21990060
Broken Link vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93162

Scores

CVSS v3 7.5
EPSS 0.0412
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-284
Status: published
Products (50)
ibm/websphere_application_server 7.0
ibm/websphere_application_server 7.0.0.0
ibm/websphere_application_server 7.0.0.1
ibm/websphere_application_server 7.0.0.2
ibm/websphere_application_server 7.0.0.3
ibm/websphere_application_server 7.0.0.4
ibm/websphere_application_server 7.0.0.5
ibm/websphere_application_server 7.0.0.6
ibm/websphere_application_server 7.0.0.7
ibm/websphere_application_server 7.0.0.8
... and 40 more
Published Oct 05, 2016
Tracked Since Feb 18, 2026