Java deserialization vulnerability
GPTKB entity
Statements (26)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:affects | Java applications |
| gptkbp:category | insecure deserialization |
| gptkbp:cause | remote code execution; denial of service; arbitrary code execution |
| gptkbp:documentedIn | gptkb:OWASP_Top_10 |
| gptkbp:exploits | gptkb:JBoss; gptkb:WebLogic_Server; gptkb:Jenkins; Apache Commons Collections; sending malicious serialized objects |
| gptkbp:firstReported | 2015 |
| https://www.w3.org/2000/01/rdf-schema#label | Java deserialization vulnerability |
| gptkbp:impact | integrity; availability; confidentiality |
| gptkbp:mitigatedBy | input validation; disabling deserialization of untrusted data; using safe serialization libraries |
| gptkbp:notableExample | CVE-2015-4852; CVE-2017-9805 |
| gptkbp:relatedTo | serialization; deserialization |
| gptkbp:bfsParent | gptkb:CWE-502 |
| gptkbp:bfsLayer | 8 |