Java Buzz Forum - Library misuse exposes leading Java platforms to attack

Articles |
News |
Weblogs |
Books |
Forums

Artima Forums | Articles | Weblogs | Java Answers | News

Sponsored Link •

Java Buzz Forum
Library misuse exposes leading Java platforms to attack

0 replies on 1 page.

Welcome Guest
Sign In

Back to Topic List

Reply to this Topic

Search Forum

Threaded View


Previous Topic		Next Topic

Flat View: This topic has 0 replies on 1 page

News Manager

Posts: 47623
Nickname: newsman
Registered: Apr, 2003

News Manager is the force behind the news at Artima.com.

Library misuse exposes leading Java platforms to attack

Posted: Nov 10, 2015 11:41 AM

This post originated from an RSS feed registered with Java Buzz by News Manager.
Original Post: Library misuse exposes leading Java platforms to attack Feed Title: JavaWorld Feed URL: http://www.javaworld.com/index.rss Feed Description: JavaWorld.com: Fueling Innovation	Latest Java Buzz Posts Latest Java Buzz Posts by News Manager Latest Posts From JavaWorld

Researchers from Foxglove Security have confirmed deserialization vulnerabilities in third-party Java libraries that could be used to remotely exploit JBoss, WebSphere, Jenkins, WebLogic, and OpenNMS installations, among others. While the issue could potentially exist in many applications, the vulnerability is in how developers deal with user-supplied serialized data and not the libraries themselves.

The issue exists in cases where the application accepts serialized Java objects as input. Unserialize vulnerabilities arise when developers accept serialized data -- application data that's been converted to another format -- as user input, then attempt to read back data.

To read this article in full or to leave a comment, please click here

Read: Library misuse exposes leading Java platforms to attack

Previous Topic

Next Topic


	Web Artima.com