Java deserialization vulnerability

GPTKB entity

Statements (26)
Predicate                                     Object
gptkbp:instanceOf                             gptkb:security
gptkbp:affects                                Java applications
gptkbp:category                               insecure deserialization
gptkbp:cause                                  remote code execution
gptkbp:cause                                  denial of service
gptkbp:cause                                  arbitrary code execution
gptkbp:documentedIn                           gptkb:OWASP_Top_10
gptkbp:exploits                               gptkb:JBoss
gptkbp:exploits                               gptkb:WebLogic_Server
gptkbp:exploits                               gptkb:Jenkins
gptkbp:exploits                               Apache Commons Collections
gptkbp:exploits                               sending malicious serialized objects
gptkbp:firstReported                          2015
https://www.w3.org/2000/01/rdf-schema#label   Java deserialization vulnerability
gptkbp:impact                                 integrity
gptkbp:impact                                 availability
gptkbp:impact                                 confidentiality
gptkbp:mitigatedBy                            input validation
gptkbp:mitigatedBy                            disabling deserialization of untrusted data
gptkbp:mitigatedBy                            using safe serialization libraries
gptkbp:notableExample                         CVE-2015-4852
gptkbp:notableExample                         CVE-2017-9805
gptkbp:relatedTo                              serialization
gptkbp:relatedTo                              deserialization
gptkbp:bfsParent                              gptkb:CWE-502
gptkbp:bfsLayer                               8