gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75299 Posts in 13185 Topics by 2635 Members - Latest Member: dobbin96 August 17, 2017, 09:30:38 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Major Java Flaw - Deserialization
gfx
gfxgfx
 

Author Topic: Major Java Flaw - Deserialization  (Read 199 times)

0 Members and 1 Guest are viewing this topic.

Major Java Flaw - Deserialization
« on: November 24, 2015, 08:14:08 pm »
The Java deserialization vulnerability can be exploited to remotely take
control of app servers. It affects all apps that accept serialized Java
objects. The issue has been known for a while, but it has not attracted
much attention because until now, there were no publicly available
exploits for it. The problem is due to apps not validating or checking
untrusted input prior to deserialization.
What makes this flaw so nasty is that it is
not a flaw in Java itself, but instead a flaw in a widely used library.
Inventorying which libraries are used by specific software is
notoriously difficult. Several major enterprise software packages have
been updated as a result. But the real challenge is internally written
software, or custom software procured from third parties.
http://www.darkreading.com/informationweek-home/why-the-java-deserialization-bug-is-a-big-deal/d/d-id/1323237?

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Major Java Flaw - Deserialization
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.14 | SMF © 2017, Simple Machines
Page created in 0.029 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!