Java deserialization vulnerability
GPTKB entity
Statements (26)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:affects | Java applications |
| gptkbp:category | insecure deserialization |
| gptkbp:cause | remote code execution; denial of service; arbitrary code execution |
| gptkbp:documentedIn | gptkb:OWASP_Top_10 |
| gptkbp:exploits | gptkb:JBoss; gptkb:WebLogic_Server; gptkb:Jenkins; Apache Commons Collections; sending malicious serialized objects |
| gptkbp:firstReported | 2015 |
| gptkbp:impact | integrity; availability; confidentiality |
| gptkbp:mitigatedBy | input validation; disabling deserialization of untrusted data; using safe serialization libraries |
| gptkbp:notableExample | CVE-2015-4852; CVE-2017-9805 |
| gptkbp:relatedTo | serialization; deserialization |
| gptkbp:bfsParent | gptkb:CWE-502 |
| gptkbp:bfsLayer | 8 |
| https://www.w3.org/2000/01/rdf-schema#label | Java deserialization vulnerability |