clusterd icon indicating copy to clipboard operation
clusterd copied to clipboard
verified publisher icon hatRiot

[feature request] modules for java deserialization vulnerabilities

Open thesle3p opened this issue 9 years ago • 3 comments

Several App servers were found to be vulnerable to java deserialization vulnerabilities The article below details exploitation for several app servers: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

thesle3p avatar Jan 12 '16 22:01 thesle3p

I don't know about those "foxglovesecurity" guys, sounds fishy to me.

breenmachine avatar Jan 12 '16 22:01 breenmachine

It's a pretty well documented vulnerability though. On Jan 12, 2016 5:53 PM, "Stephen Breen" [email protected] wrote:

I don't know about those "foxglovesecurity" guys, sounds fishy to me.

— Reply to this email directly or view it on GitHub https://github.com/hatRiot/clusterd/issues/44#issuecomment-171088333.

thesle3p avatar Jan 12 '16 23:01 thesle3p

@breenmachine made the original serialization post; he was being facetious :)

This issue is a duplicate of #42 , but yeah it needs to be added.

hatRiot avatar Jan 12 '16 23:01 hatRiot