Open thesle3p opened 8 years ago
I don't know about those "foxglovesecurity" guys, sounds fishy to me.
It's a pretty well documented vulnerability though.

On Jan 12, 2016 5:53 PM, "Stephen Breen" notifications@github.com wrote:
> I don't know about those "foxglovesecurity" guys, sounds fishy to me.
@breenmachine made the original serialization post; he was being facetious :)
This issue is a duplicate of #42, but yeah it needs to be added.
Several app servers were found to be vulnerable to Java deserialization vulnerabilities. The article below details exploitation for several app servers: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/