Tag: Deserialization
-
Dealing with Deserialization of Untrusted Data in Java Applications
Serialization is a technique that can transform an object into a byte stream. In the Java programming language, these objects are used to …
-
Deserialization Vulnerabilities in Java
1. Overview In this tutorial, we’ll explore how an attacker can use deserialization in Java code to exploit a system. We’ll start by …
-
Why Is Apache Struts So Vulnerable?
Apache Struts is a well-known development framework for Java-based web applications and is mostly used in enterprise environments. If you …
-
Oracle Patches Three Year-Old Java Deserialization Flaw in April Update
Oracle is out with its second critical patch update set for 2019, patching a total of 297 issues spread across its software portfolio, …
-
Flaw in popular PDF creation library enabled remote code execution
A security researcher has discovered a high-severity bug in a popular PHP library that could enable attackers to run remote code on web …
-
[remote] HP Intelligent Management – Java Deserialization RCE (Metasploit)
## # This module requires Metasploit: https://metasploit.com/download # Current …
-
Deserialization issues also affect Ruby, not just Java, PHP, and .NET
The Ruby programming language is impacted by a similar “deserialization issue” that has affected and wreaked havoc in the Java ecosystem in …
-
Why Are Deserialization Vulnerabilities So Popular?
In 2017, around 60 remote code execution (RCE) deserialization vulnerabilities were reported, not including deserialization issues that …
-
New PHP Exploit Chain Highlights Dangers of Deserialization
PHP unserialization attacks have been well known for some time, but a new exploitation method explained last week at Black Hat USA in Las …
-
Serialization Is Dead! Long Live Serialization!
Oracle has signaled there are big changes on the way for how Java handles serialized objects. Java Platform Chief Architect Mark Reinhold …
-
Oracle WebLogic RCE Deserialization Vulnerability (CVE-2018-2628)
On April 17, Oracle released the quarterly Critical Patch Update (CPU) advisory. Among the 254 new security fixes, the CPU also contained a …
-
Waratek Identifies Two New Deserialization Vulnerabilities
The first Oracle Critical Patch Update of 2018 contains fixes for 21 new vulnerabilities in the Java SE platform, 28.5 percent of which …