>> Apache OFBiz XML-RPC Java Deserialization

USER: deepcore // DATE: 2021-03-13 16:21 // MODIFIED: 2021-03-13

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz’s unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.