Create CVE-2016-8735.yaml

[hnd3884]

/claim #10893

Template / PR Information

Command run template

nuclei -u [HOST]:[RMI REGISTRY PORT] -t CVE-2016-8735.yaml -code
# example: nuclei -u 192.168.180.1:10001 -t CVE-2016-8735.yaml -code

The template use interactsh protocol via URLDNS gadget to detect unsafe deserialization

• Added CVE-2016-8735
• References:
  • https://medium.com/tenable-techblog/achieving-rce-on-tomcat-via-cve-2016-8735-a-proof-of-concept-13df8a9ef0e0

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details (leave it blank if not applicable)

POC

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[algora-pbc]

👉 To complete your submission, sign up on Algora, link your Github account and submit the data for your PR.

[GeorginaReeder]

Thanks so much for your contribution @hnd3884 !

[princechaddha]

@hnd3884, thank you so much for sharing this template with the community and contributing to this project 🍻

Can you confirm if this CVE can’t be written using HTTP/TCP + helpers or the JS protocol? We avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript, as such templates are blocked by default and won’t produce results. Therefore, we prioritize creating templates with other protocols unless exceptions are made.

[hnd3884]

Dear @princechaddha,

I think it's hard to write the template using only HTTP/TCP because the complex of exploit steps with many data/byte processing. TCP transactions is complex too as we want to simulate Java's JMXConnectorFactory. I'm not farmiliar with Javascript.