PayPal has rewarded two researchers with bug bounties for the discovery of a Java serialization vulnerability in manager.paypal.com A Java serialization vulnerability disclosed more than a year ago ...
Recently, on the "Ask The Architect" session from the Devoxx UK 2018 conference, Oracle's chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism which he called a ...
In the security industry, we know that operating on untrusted inputs is a significant area of risk; and for penetration testers and attackers, a frequent source of high-impact issues. Serialization is ...
Researchers have built proof-of-concept exploits for an unpatched unserialize vulnerability in Apache Commons Collections, a library used in most Java rollouts. For close to 10 months, a critical ...
A recent blog post by FoxGlove Security that described remotely executable exploits against several major middleware products including WebSphere, WebLogic, and JBoss has focused attention on what ...
Oracle plans to drop from Java its serialization feature that has been a thorn in the side when it comes to security. Also known as Java object serialization, the feature is used for encoding objects ...
Make Java security a top priority at every stage of application development, from class-level language features to API endpoint authorization Security is one of the most complex, broad, and important ...
Oracle set another record with its latest quarterly Critical Patch Update (CPU), which included 308 vulnerability fixes, 32 of which were Java-related. Released earlier this month, this CPU more than ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback