Serialization

Reliable discovery and exploitation of Java deserialization vulnerabilities

On 24 May, 2017
By Federico Dotta

Introduction Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see…

CVE-2016-8919 – IBM WebSphere deserialization of untrusted data

On 6 Feb, 2017
By Maurizio Agazzini (aka inode)

IBM WebSphere deserialization of untrusted data: http://lab.mediaservice.net/advisory/2016-03-websphere.txt [crayon-5c9a555340e0f650408736/]