CVE-2017-9830

CRITICAL

Code42 CrashPlan 5.4.x - Remote Code Execution via org.apache.commons.ssl.rmi.DateRMI Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9830. PoCs published by securifera.

AI-analyzed exploit summary This PoC exploits a deserialization vulnerability in Apache Commons SSL's RMI service (CVE-2017-9830) by sending a crafted serialized object to register a malicious class and trigger arbitrary code execution. The exploit connects to a target IP on port 4282 and sends two packets: one to register a class and another to trigger the payload.

Description

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.

Exploits (1)

nomisec WORKING POC 1 stars
by securifera · poc
https://github.com/securifera/CVE-2017-9830

This PoC exploits a deserialization vulnerability in Apache Commons SSL's RMI service (CVE-2017-9830) by sending a crafted serialized object to register a malicious class and trigger arbitrary code execution. The exploit connects to a target IP on port 4282 and sends two packets: one to register a class and another to trigger the payload.

Classification
Working Poc 95%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Apache Commons SSL RMI service
No auth needed
Prerequisites: Network access to the target on port 4282 · Vulnerable version of Apache Commons SSL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://blog.radicallyopensecurity.com/CVE-2017-9830.html

Scores

CVSS v3 9.8
EPSS 0.0648
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (1)
code42/crashplan 5.4
Published Jun 27, 2017
Tracked Since Feb 18, 2026