Reliable discovery and exploitation of Java deserialization vulnerabilities On 24 May, 2017 By Federico Dotta Introduction Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see…
CVE-2016-8919 – IBM WebSphere deserialization of untrusted data On 6 Feb, 2017 By Maurizio Agazzini (aka inode) IBM WebSphere deserialization of untrusted data: http://lab.mediaservice.net/advisory/2016-03-websphere.txt [crayon-5ae14aa5ef198908185402/]
