/claim #12444

Template Overview

This PR adds a complete Nuclei template for CVE-2019-17564, an Apache Dubbo insecure deserialization vulnerability.

📋 What’s Included

Template Details

  • ID: apache-dubbo-cve-2019-17564
  • Severity: Critical (CVSS 9.8)
  • CVE: CVE-2019-17564
  • Affected Versions: Apache Dubbo 2.5.x, 2.6.0-2.6.7, 2.7.0-2.7.4
  • Attack Vector: HTTP POST with malicious Java objects
  • Impact: Remote Code Execution

Files Added

  • http/vulnerabilities/apache/apache-dubbo-cve-2019-17564.yaml - Nuclei template
  • code/cves/2019/CVE-2019-17564/Dockerfile - Vulnerable environment
  • code/cves/2019/CVE-2019-17564/docker-compose.yml - Easy setup
  • code/cves/2019/CVE-2019-17564/README.md - Documentation

Template Details

Complete POC (Not Just Detection)

  • Sends malicious Java object payloads via HTTP POST
  • Detects Java deserialization exceptions in responses
  • Multiple payload types for comprehensive testing

Strong Matchers (No False Positives)

  • Specific Java exception patterns:
    • java.lang.ClassNotFoundException
    • java.io.InvalidClassException
    • java.lang.ClassCastException
    • java.io.StreamCorruptedException
    • java.lang.NullPointerException
  • HTTP status codes (500, 400)
  • Response body and header analysis

Optimized Design

  • Single request with multiple endpoints (/, /dubbo, /dubbo/)
  • Proper part specifications for matchers
  • Extractors for detailed analysis
  • Minimal request count for efficiency
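The skeleton below makes the structure listed above concrete: one `http` request definition fanned out over the three endpoints, a body matcher for the Java exception strings, a status matcher, and a regex extractor that pulls the exception name into the result line. It is an illustrative template added here, not the template file from this PR. The `info` values are taken from the details given above; the request body is an explicit placeholder standing in for the PR's probe payload, and the `stop-at-first-match` setting, the `author` field and the extractor regex are assumptions about how such a template is typically written.

```yaml
# Illustrative Nuclei template skeleton (added example, NOT the file from this PR).
# The request body is a placeholder; the PR's actual probe payload is not reproduced.
id: apache-dubbo-cve-2019-17564

info:
  name: Apache Dubbo 2.5.x/2.6.0-2.6.7/2.7.0-2.7.4 - Insecure Deserialization
  author: example-author            # assumption
  severity: critical
  description: |
    Apache Dubbo's HTTP protocol deserializes untrusted Java objects sent in
    POST requests (CVE-2019-17564). Deserialization failures surface as Java
    exception names in the HTTP response, which is what this template matches.
  classification:
    cve-id: CVE-2019-17564
    cvss-score: 9.8
  tags: cve,cve2019,apache,dubbo,deserialization

http:
  # One request definition, sent to each of the three endpoints the PR lists.
  - method: POST
    path:
      - "{{BaseURL}}/"
      - "{{BaseURL}}/dubbo"
      - "{{BaseURL}}/dubbo/"
    body: "PLACEHOLDER_PROBE_BODY"   # placeholder, not the PR's payload
    stop-at-first-match: true        # assumption: keeps the request count minimal

    # Both matcher groups must hold: an exception string in the body AND an error status.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        condition: or
        words:
          - "java.lang.ClassNotFoundException"
          - "java.io.InvalidClassException"
          - "java.lang.ClassCastException"
          - "java.io.StreamCorruptedException"
          - "java.lang.NullPointerException"
      - type: status
        status:
          - 500
          - 400

    # Extract the exception class name so it appears in the result line,
    # e.g. ["java.lang.NullPointerException"] as in the expected output below.
    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '(java\.(?:lang|io)\.[A-Za-z]+Exception)'   # assumption
```

The `part: body` / `part: header` fields are what the PR refers to as "proper part specifications": without them a `word` matcher is evaluated against the whole response, which makes the match noisier and harder to reason about. Using `matchers-condition: and` ties the exception string to an error status code so that a page which merely mentions an exception name in a 200 response is not reported.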

Testing & Validation

Vulnerable Environment

  • Complete Docker environment with Apache Dubbo 2.7.3
  • HTTP protocol enabled (required for the vulnerability)
  • Ready-to-run with docker-compose up -d

Verification Results

# Template validation
nuclei -validate -t http/vulnerabilities/apache/apache-dubbo-cve-2019-17564.yaml

# Test against vulnerable environment
nuclei -u http://localhost:8080 -t http/vulnerabilities/apache/apache-dubbo-cve-2019-17564.yaml -v

Expected Output:

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.5

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[INF] Current nuclei version: v3.4.5 (latest)
[INF] Current nuclei-templates version: v10.2.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 105
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[VER] [apache-dubbo-cve-2019-17564] Sent HTTP request to http://localhost:8080/
[apache-dubbo-cve-2019-17564] [http] [critical] http://localhost:8080/ ["java.lang.NullPointerException"]
[VER] [apache-dubbo-cve-2019-17564] Sent HTTP request to http://localhost:8080/dubbo
[apache-dubbo-cve-2019-17564] [http] [critical] http://localhost:8080/dubbo ["java.lang.NullPointerException"]
[VER] [apache-dubbo-cve-2019-17564] Sent HTTP request to http://localhost:8080/dubbo/
[apache-dubbo-cve-2019-17564] [http] [critical] http://localhost:8080/dubbo/ ["java.lang.NullPointerException"]
[INF] Scan completed in 84.614584ms. 3 matches found.

Claim

  • Total prize pool: $50
  • Total paid: $0
  • Status: Approved
  • Submitted: June 24, 2025
  • Last updated: June 24, 2025

Contributors

  • khalid shareef (@Khalid6468), 100%

Sponsors

  • ProjectDiscovery (@projectdiscovery), $50 pending