CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...
CVE-2019-14224
CVE-2019-14224 affects Alfresco Community Edition 5.2 (201707). The vulnerability arises from an exploit chain where an attacker uploads malicious Solr configuration files, then triggers a JMX connection to serve a Java object that leads to deserialization and remote code execution. This chain re...
Apache Tapestry 5.3.6 HMAC Timing Attack Vulnerability
Exploit for Java platform in category web applications CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry Affected versions: - Apache Tapestry 5.3.6 through current releases. Description: Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side...
hazelcast: java deserialization in join cluster procedure leading to remote code execution
A flaw was found in the cluster join procedure in Hazelcast. This flaw allows an attacker to gain remote code execution via Java deserialization...
OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle WebLogic Server Deserialization RCE (CVE-2019-2729)
The Oracle WebLogic server is affected by a remote code execution vulnerability in wls9asyncresponse.war and wls-wsat.war packages due to unsafe deserialization of Java objects. A remote unauthenticated attacker can exploit the issue by sending a custom Java serialized object via HTTP request to...
Java deserialization remote code execution vulnerabilities are actually this simple (vulnerability warning, the black bar safety net)
Here we introduce the principles behind remote code execution vulnerabilities caused by Java deserialization issues. To keep the description simple, the demonstration is carried out without introducing any third-party library; we hope it serves as an introduction. There are 3 main parts: The Java...
CVE-2016-10750
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
Remote code execution
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
CVE-2016-10750
CVE-2016-10750 is a Java deserialization RCE vulnerability in Hazelcast used by Atlassian Confluence Data Center when running in a clustered configuration. A remote, unauthenticated attacker can exploit the issue by sending a crafted JoinRequest to a Hazelcast instance listening on the cluster po...
Apache Solr Remote Code Execution Vulnerability
Apache Solr is an open source enterprise search platform written in Java. A remote code execution vulnerability exists in Apache Solr versions 5.0.0 - 5.5.5, 6.0.0 - 6.6.5. The vulnerability stems from the Config API allowing configuration of a JMX server via HTTP POST requests. An attacker can...
February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns
This month's Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, alon...
CVE-2018-20732
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant...
CVE-2018-20732
CVE-2018-20732 affects SAS Web Infrastructure Platform prior to 9.4M6, where a Java deserialization variant allows remote code execution. The vulnerability impacts the platform’s deserialization handling, enabling arbitrary code execution by an authenticated or unauthenticated attacker over the n...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
Java Deserialization Vulnerability Detection This is a Java d...