CVE-2019-17570

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-17570. PoCs published by r00t4dm, im23pds, slowmistio.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2019-17570, a deserialization vulnerability in Apache XML-RPC. The exploit sets up a malicious server that crafts a response with a serialized payload to trigger remote code execution on vulnerable clients.

Description

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Exploits (3)

nomisec WORKING POC 4 stars

by r00t4dm · poc

https://github.com/r00t4dm/CVE-2019-17570

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2019-17570, a deserialization vulnerability in Apache XML-RPC. The exploit sets up a malicious server that crafts a response with a serialized payload to trigger remote code execution on vulnerable clients.

Classification

Working Poc 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Apache XML-RPC (versions affected by CVE-2019-17570)

No auth needed

Prerequisites: Vulnerable Apache XML-RPC client connecting to the malicious server

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec WORKING POC

by im23pds · poc

https://github.com/im23pds/xmlrpc-common-deserialization

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-17570, demonstrating a deserialization vulnerability in Apache XML-RPC's `xmlrpc-common` library. The PoC includes a malicious XML-RPC server and a vulnerable client, leveraging a gadget chain from Apache Commons Collections to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache XML-RPC (xmlrpc-common) versions affected by CVE-2019-17570

No auth needed

Prerequisites: Apache Commons Collections in the classpath · Vulnerable version of xmlrpc-common

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 20, 2026 Full analysis →

nomisec WORKING POC

by slowmistio · poc

https://github.com/slowmistio/xmlrpc-common-deserialization

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-17570, demonstrating a deserialization vulnerability in Apache XML-RPC's `xmlrpc-common` library. The PoC includes a malicious XML-RPC server and a vulnerable client, leveraging a gadget chain from Apache Commons Collections to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache XML-RPC (xmlrpc-common) < 3.1.4

No auth needed

Prerequisites: Apache Commons Collections in classpath · Network access to target XML-RPC client

MITRE ATT&CK