gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 23, 2024, 10:57:53 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Major Java Flaw - Deserialization
gfx
gfxgfx
 

Author Topic: Major Java Flaw - Deserialization  (Read 743 times)

0 Members and 2 Guests are viewing this topic.

Major Java Flaw - Deserialization
« on: November 24, 2015, 08:14:08 pm »
The Java deserialization vulnerability can be exploited to remotely take
control of app servers. It affects all apps that accept serialized Java
objects. The issue has been known for a while, but it has not attracted
much attention because until now, there were no publicly available
exploits for it. The problem is due to apps not validating or checking
untrusted input prior to deserialization.
What makes this flaw so nasty is that it is
not a flaw in Java itself, but instead a flaw in a widely used library.
Inventorying which libraries are used by specific software is
notoriously difficult. Several major enterprise software packages have
been updated as a result. But the real challenge is internally written
software, or custom software procured from third parties.
http://www.darkreading.com/informationweek-home/why-the-java-deserialization-bug-is-a-big-deal/d/d-id/1323237?

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Major Java Flaw - Deserialization
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.008 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!