83 lines
2.1 KiB
Plaintext
83 lines
2.1 KiB
Plaintext
# Java Classes for use with Java RCEs
|
|
#
|
|
# Used With Rule 944130 in Apache Struts and Oracle Weblogic RCEs Detection:
|
|
#
|
|
# CVE-2017-5638 (2017.01.29) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
|
|
# CVE-2017-9791 (2017.06.21) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791
|
|
# CVE-2017-9805 (2017.06.21) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805
|
|
# CVE-2017-10271 (2017.06.21) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271
|
|
# CVE-2018-11776 (2018.06.05) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
|
|
# CVE-2021-44228 (2021.11.26) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
|
|
#
|
|
# Additional Resources
|
|
# Apache S2-057 (2019.01.20) https://cwiki.apache.org/confluence/display/WW/S2-057
|
|
|
|
com.opensymphony.xwork2
|
|
com.sun.org.apache
|
|
classLoader
|
|
declaredClass
|
|
freemarker.core
|
|
freemarker.template
|
|
freemarker.ext.rhino
|
|
java.io.BufferedInputStream
|
|
java.io.BufferedReader
|
|
java.io.ByteArrayInputStream
|
|
java.io.ByteArrayOutputStream
|
|
java.io.CharArrayReader
|
|
java.io.DataInputStream
|
|
java.io.File
|
|
java.io.FileOutputStream
|
|
java.io.FilePermission
|
|
java.io.FileWriter
|
|
java.io.FilterInputStream
|
|
java.io.FilterOutputStream
|
|
java.io.FilterReader
|
|
java.io.InputStream
|
|
java.io.IOException
|
|
java.io.LineNumberReader
|
|
java.io.ObjectInputStream
|
|
java.io.ObjectOutputStream
|
|
java.io.OutputStream
|
|
java.io.PipedOutputStream
|
|
java.io.PipedReader
|
|
java.io.PrintStream
|
|
java.io.PushbackInputStream
|
|
java.io.Reader
|
|
java.io.StringReader
|
|
java.lang.Class
|
|
java.lang.Enum
|
|
java.lang.Integer
|
|
java.lang.Number
|
|
java.lang.Object
|
|
java.lang.Process
|
|
java.lang.ProcessBuilder
|
|
java.lang.reflect
|
|
java.lang.Runtime
|
|
java.lang.String
|
|
java.lang.System
|
|
java.net.HttpURLConnection
|
|
java.net.JarURLConnection
|
|
java.net.DatagramSocket
|
|
java.net.MulticastSocket
|
|
java.net.ServerSocket
|
|
java.net.Socket
|
|
java.net.URL
|
|
javassist
|
|
javax.naming.InitialContext
|
|
javax.script.ScriptEngineManager
|
|
javax.xml.parsers
|
|
javax.xml.stream
|
|
OgnlContext
|
|
OgnlUtil
|
|
org.apache.commons
|
|
org.apache.struts
|
|
org.apache.struts2
|
|
org.dom4j.io.SAXReader
|
|
org.jdom2.input.SAXBuilder
|
|
org.omg.CORBA
|
|
org.xml.sax
|
|
PropertyUtilsBean
|
|
java.beans.XMLDecode
|
|
java.nio.file
|
|
sun.reflect
|