Tags: dynamic-analysis java
**TLDR**
* It's a Java web application that uses a vulnerable third-party component (Apache CXF) with no public exploit, so we need to reverse engineer the patch or correctly understand the CVE description.
* Through the vulnerable third-party component, it's possible to download local files such as the WAR file.
* We need to analyze the decompiled Java classes and defeat the obfuscation to identify a hidden backdoor.