AppDefects
Community Champion

Java Deserialization, it's still a thing...

Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see the presentation of Gabriel Lawrence and Chris Frohoff). The underlying flaw in Java has not been fixed by Oracle, most likely due to the impact a fix would have on various frameworks and libraries. However, many workarounds can be applied to prevent exploitation. What's new? If you are hunting for AppDefects try out this cool Java Deserialization Scanner.

0 Replies