CVE-2016-1000027 POC (Proof-of-Concept)

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Published: 2020-01-02

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download CVE-2016-1000027 POC (Proof-of-Concept) here:

http://zeroday4n6aaxjruc5jgvulkdgy4mkioom5g6q7l3nz475a62vmamiyd.onion/exploit-for-cve-2016-1000027.859/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://connollyfinan.ie/poc-148-cve-2025-1094/

https://connollyfinan.ie/poc-472-cve-2025-61884/

https://connollyfinan.ie/poc-658-cve-2022-29078/