{"vulnerability": "cve-2016-9299", "sightings": [{"uuid": "3b3ee0c8-0ce5-4526-8f49-aedb276fcba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-9299", "type": "exploited", "source": "https://www.exploit-db.com/exploits/44642", "content": "", "creation_timestamp": "2018-05-17T00:00:00.000000Z"}, {"uuid": "ec27180d-4776-4a3e-a5ce-ac8c01448caf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-9299", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:42.000000Z"}, {"uuid": "14137637-e78b-47d6-ae0f-293ddab18b75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-9299", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:50.000000Z"}, {"uuid": "83a9b0b4-9d8e-4074-a500-22efc5636ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-9299", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/jenkins_ldap_deserialize.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "f07bd5ed-2700-4359-9564-6ad0519cebda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-9299", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/350", "content": "(https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui))  C1 CMS (CVE-2019-18211 (https://medium.com/@frycos/yet-another-net-deserialization-35f6ce048df7))  Jenkins (CVE-2016-9299 (https://nvd.nist.gov/vuln/detail/CVE-2016-9299))  What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability. (https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) \u2013 @breenmachine, FoxGloveSecurity (2015)    Talks and Write-Ups    PSA: Log4Shell and the current state of JNDI injection (https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/) - Moritz Bechler (2021)  This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits (https://www.mandiant.com/resources/apt41-initiates-global-intrusion-campaign-using-multiple-exploits) \u2013 Chris Glyer, Dan Perez, Sarah Jones, Steve Miller (2020)  Deep Dive into .NET ViewState deserialization and its exploitation (https://swapneildash.medium.com/deep-dive-into-net-viewstate-deserialization-and-its-exploitation-54bf5b788817) \u2013 Swapneil Dash (2019)  Exploiting  (https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)Deserialization (https://www.kitploit.com/search/label/Deserialization) in ASP.NET via ViewState \u2013 Soroush Dalili (2019)  Use of Deserialization in .NET Framework Methods and Classes (https://research.nccgroup.com/wp-content/uploads/2020/07/whitepaper-new.pdf) \u2013 Soroush Dalili(2018)  Friday the 13th, JSON Attacks (https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf) \u2013 Alvaro Mu\u00f1os and Oleksandr Mirosh (2017)  Exploiting .NET Managed DCOM (https://googleprojectzero.blogspot.com/2017/04/exploiting-net-managed-dcom.html) \u2013 James Forshaw, Project Zero (2017)  Java Unmarshaller Security (https://github.com/frohoff/marshalsec/blob/master/marshalsec.pdf) \u2013 Moritz Bechler (2017)  Deserialize My Shorts (https://www.slideshare.net/frohoff1/deserialize-my-shorts-or-how-i-learned-to-start-worrying-and-hate-java-object-deserialization) \u2013 Chris Frohoff (2016)  Pwning Your Java Messaging with Deserialization Vulnerabilities (https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities-wp.pdf) \u2013 Matthias Kaiser (2016)  Journey from JNDI/LDAP  (https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf)Manipulation (https://www.kitploit.com/search/label/Manipulation) to Remote Code Execution (https://www.kitploit.com/search/label/Remote%20Code%20Execution) Dream Land \u2013 Alvaro Mu\u00f1os and Oleksandr Mirosh (2016)  Marshalling Pickles (https://www.youtube.com/watch?v=KSA7vUkXGSg) \u2013 Chris Frohoff and Gabriel Lawrence (2015)  Are you my Type? Breaking .NET Through Serialization (https://github.com/VulnerableGhost/.Net-Sterilized--Deserialization-Exploitation/blob/master/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf) \u2013 James Forshaw (2012)  A Spirited Peek into ViewState (https://deadliestwebattacks.com/2011/05/13/a-spirited-peek-into-viewstate-part-i/) \u2013 Mike Shema (2011)    \nAuthor:\u00a0Alyssa Rahman @ramen0x3fCreated:\u00a02021-10-27Last Updated:\u00a02021-12-02Blog:\u00a0https://www.mandiant.com/resources/hunting-deserialization-exploitsFor more details on this tool and the research process behind it, check out\u00a0our blog (https://www.mandiant.com/resources/hunting-deserialization-exploits)!\n\nDownload Heyserial (https://github.com/mandiant/heyserial)", "creation_timestamp": "2022-05-12T22:17:01.000000Z"}]}