A vulnerability in the widely used Java library Apache Commons Collections continues to endanger thousands of server applications, the news portal ITNews reports.
The Apache Commons Collections library has become a de facto standard in server-side Java and is bundled in products such as Oracle WebLogic, IBM WebSphere, JBoss, Jenkins and OpenNMS. The weakness was made public in January 2015. It centres on the class InvokerTransformer, which calls an arbitrary method by name via reflection: an attacker who can feed a crafted serialized object graph to an application that runs ObjectInputStream.readObject() on untrusted data can chain such transformers so that the method call, and with it arbitrary code, executes while the object is being deserialized.
The problem attracted little attention because it is commonly held that safe deserialization is the responsibility of the application that accepts the data, not of the library whose classes merely happen to be on the classpath.
The same pattern may well be present in other libraries.
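Because the library cannot know which classes an application expects to receive, the practical check belongs at the application's deserialization boundary: refuse any class descriptor that is not on an explicit allowlist before the class is loaded or an instance is created. The following is an added example written for this page, not code from the article, from ITNews or from Apache Commons; the class name SafeObjectInputStream and the allowlist contents are assumptions chosen for the demonstration, and the HashMap in the second half stands in for an attacker-supplied gadget class.

```java
import java.io.*;
import java.util.*;

/*
 * Added example: a look-ahead deserialization guard. The name
 * SafeObjectInputStream and the allowlist below are this example's own
 * choices (assumptions), not anything from the article or Apache Commons.
 */
public class SafeObjectInputStream extends ObjectInputStream {

    // Only the classes this application genuinely expects to receive.
    private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            "java.util.ArrayList",
            "java.lang.String"));

    public SafeObjectInputStream(InputStream in) throws IOException {
        super(in);
    }

    // Invoked for every class descriptor in the stream *before* the class is
    // loaded or any instance is constructed, so a gadget such as
    // org.apache.commons.collections.functors.InvokerTransformer is refused
    // before its readObject() or any transform() call can run.
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        String name = desc.getName();
        if (!ALLOWED.contains(name)) {
            throw new InvalidClassException(name, "class not allowed in deserialization");
        }
        return super.resolveClass(desc);
    }

    // Helper for the demo: serialize any object to bytes.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The hardened entry point: every readObject() goes through the guard.
    static Object deserializeSafely(byte[] data)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                     new SafeObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the expected payload type is accepted...
        byte[] ok = serialize(new ArrayList<>(Arrays.asList("a", "b")));
        System.out.println("accepted: " + deserializeSafely(ok));

        // ...while a stream naming any other class is rejected at the class
        // descriptor, before instantiation. HashMap stands in here for an
        // attacker's gadget; the check is identical for InvokerTransformer.
        byte[] bad = serialize(new HashMap<>(Collections.singletonMap("k", "v")));
        try {
            deserializeSafely(bad);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.classname + " (" + e.getMessage() + ")");
        }
    }
}
```

On Java 9 and later (and 8u121+) the same policy can be expressed without subclassing through ObjectInputFilter, e.g. ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter("java.util.ArrayList;!*")), where the trailing !* rejects everything not listed. Either way, an allowlist of expected types is the durable control: a denylist of known gadget classes has to be revised every time a new one is found in some other library.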