securitony (3)
Last Login: May 03, 2022
securitony's Latest (1) Contributions
Technical Analysis
Several Red Hat JBoss products (JBoss Middleware Suite) widely used in enterprise environments were found to be vulnerable to a Java object serialization flaw. Exploit code is publicly available and PoC exploits are easy to develop, which allow attackers to execute arbitrary code on the affected servers with the permissions of the JBoss application.
The vulnerability resides in Apache Commons Collections library which allows deserialization of untrusted user input in JBoss and many other software products (for more information: https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/),