CVE-2017-15708

CRITICAL

Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15708. PoCs published by HuSoul.

AI-analyzed exploit summary This repository contains a working PoC exploit for CVE-2017-15708, which leverages deserialization vulnerabilities in Apache ActiveMQ. The exploit uses ysoserial to generate a malicious payload and execute arbitrary commands via RMI.

Description

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.

Exploits (1)

nomisec WORKING POC

by HuSoul · poc

https://github.com/HuSoul/CVE-2017-15708

View Code ZIP pw:eip

This repository contains a working PoC exploit for CVE-2017-15708, which leverages deserialization vulnerabilities in Apache ActiveMQ. The exploit uses ysoserial to generate a malicious payload and execute arbitrary commands via RMI.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache ActiveMQ (versions affected by CVE-2017-15708)

No auth needed

Prerequisites: Java runtime environment · ysoserial.jar · Network access to target RMI service

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102154

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E

Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2020.html

Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujan2020.html

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202107-37

Scores

CVSS v3 9.8

EPSS 0.1990

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (19)

apache/synapse 1.0

apache/synapse 1.1

apache/synapse 1.1.1

apache/synapse 1.1.2

apache/synapse 1.2

apache/synapse 2.0.0

apache/synapse 2.1.0

apache/synapse 3.0.0

Apache Software Foundation/Apache Synapse 1.1.1

Apache Software Foundation/Apache Synapse 1.1.2

... and 9 more

Published Dec 11, 2017

Tracked Since Feb 18, 2026