CVE-2016-1000027

Published: 02/01/2020 Updated: 20/04/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 672
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Pivotal Spring Framework up to and including 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Vulnerability Trend

Vulnerable Product

vmware spring framework

Vendor Advisories

Debian Bug report logs - #888719 squid3: CVE-2018-1000024: SQUID-2018:1 Denial of Service issue in ESI Response processing. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jan 2018 05:57:01 UTC; Severity: important ...
Debian Bug report logs - #888720 squid3: CVE-2018-1000027: SQUID-2018:2 Denial of Service issue in HTTP Message processing. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jan 2018 05:57:04 UTC; Severity: important ...

Github Repositories

This is a custom merged suppression file

owasp-suppression: This is a custom merged OWASP suppression file for the OWASP dependency check plugin. It merges the base from raw.githubusercontent.com/jeremylong/DependencyCheck/main/core/src/main/resources/dependencycheck-base-suppression.xml and custom suppressions I need, e.g. for CVE-2016-1000027 (spring-projects/spring-framework#24434).

Various bits and bobs used in building projects that don't warrant having their own project

WTax Build Support: Various bits and bobs used in building projects that don't warrant having their own project. This repository is public so that the files in it can be linked to easily using public URLs, e.g. this file's URL is raw.githubusercontent.com/wtaxco/wtax-build-support/main/README.md. OWASP Dependency Check Directory: owasp-dependency-check. Various

Introduction: This repo aims at demonstrating CI/CD practices for containerized apps into a Kubernetes cluster. The app used itself is a simple RESTful API with /version, and the image of the app is hosted currently at Docker Hub, named leoliu1988/springboot-cicd-demo. The pipeline focuses on the principle of shift-left testing for security. This repo is written for demo purposes, and ther

TODO: better logging: change logs to be async and send to a queue; extract JWT_TOKEN to an external property; better error handling for JWT; implement CRUD for user/login; remove duplicate code from all *.gradle files (repositories, plugins, ); implement /api/v3/transactions/report, /api/v3/transaction/list, /api/v3/transaction; implement DAO layer; UT, FT, IT. Demo: This demo ha

httpInvokerServiceExporterRCE: The purpose of this project is to understand and demonstrate a proof of concept for CVE-2016-1000027. CVE-2016-1000027 is a Remote Code Execution vulnerability caused when the HttpInvokerServiceExporter.readRemoteInvocation method deserializes a malicious Java object. In this project we will be looking at how the vulnerability works and how to prev

PoC for CVE-2016-1000027

PoC for CVE-2016-1000027: This is a demo Spring Boot application that is affected by CVE-2016-1000027. Steps to reproduce the vulnerability: Start a vulnerable server com.gypsyengineer.server.Server. Run com.gypsyengineer.client.Exploit. The Exploit class reads payload.bin and sends it to the vulnerable server. payload.bin contains a payload generated by ysoserial. The current

Parent POM including quality assurance plugins.

quality-assurance-parent: Parent POM designed to ensure a reliable build by explicitly defining specific versions for Java and Maven as well as its basic plugins. Furthermore, it configures quality assurance components such as JaCoCo, OWASP Dependency-Check and SpotBugs. Requirements: The following build tool versions are required via Maven's enforcer plugin: Java 11, Maven

Spring Web 5.x with `org.springframework.remoting` package removed, to fix CVE-2016-1000027.

spring-web-without-remoting: Spring Web 5.x with the org.springframework.remoting package removed, to fix CVE-2016-1000027. For more info, see spring-projects/spring-framework #24434.

Workshop Objectives: Using the malicious-code detection platform Sonatype Nexus Firewall (IQ Server), hands-on exercises with Nexus Repository and Nexus Firewall are carried out so that threats can be prevented from entering the SDLC. Threat assessment is practised through the most widely used ecosystems, NPM, MAVEN and PYPI, with the aim of completing the given missions

Sonatype Application Builder: This project simplifies starting application development for front-end, back-end, and full stack applications inside Sonatype's ecosystem. It is meant for everything from quick prototypes to customer facing projects. The front-end and back-end parts of the project are independent and you can choose if you want to use just one, both, or even whi

Mitigated version for CVE-2016-1000027 spring web.

Spring-Web-5xx-Mitigated-version: Overview: This mitigated version of Spring Web (5.x.x) is specifically crafted to address critical vulnerabilities detected by multiple vendors using Sonatype and Mend. The vulnerabilities, identified under the CVE-2016-1000027 advisory, pose a risk of remote code execution (RCE) when the Spring Framework 4.1.4 is used for Java deserialization of