CVE-2015-6420 PoC — 多款Cisco产品Apache Commons Collections库任意代码执行漏洞

Source

https://github.com/Leeziao/CVE-2015-6420

Associated Vulnerability

Title:多款Cisco产品Apache Commons Collections库任意代码执行漏洞 (CVE-2015-6420)
Description:Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Readme

# CVE-2015-6420

![漏洞触发路径](CVE-2015-6420.png)

- 反序列化漏洞

## 参考

-  [Java反序列化漏洞-CC 利用链分析](https://blog.csdn.net/weixin_49125123/article/details/135040071)

File Snapshot


 [4.0K]  /data/pocs/8276cdedaaa4279fd0f465964e6136b5e6f9c03a
├── [6.0K]  CVE-2015-6420.drawio
├── [ 51K]  CVE-2015-6420.png
├── [ 218]  exp.py
├── [ 880]  pom.xml
├── [ 203]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  org
                └── [4.0K]  example
                    └── [6.3K]  Main.java

5 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!