hatRiot / clusterd

application server attack toolkit

[feature request] modules for java deserialization vulnerabilities

thesle3p opened this issue · comments

Several app servers were found to be vulnerable to Java deserialization vulnerabilities. The article below details exploitation for several app servers:
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

I don't know about those "foxglovesecurity" guys, sounds fishy to me.

It's a pretty well documented vulnerability though.
On Jan 12, 2016 5:53 PM, "Stephen Breen" notifications@github.com wrote:

> I don't know about those "foxglovesecurity" guys, sounds fishy to me.



@breenmachine made the original serialization post; he was being facetious :)

This issue is a duplicate of #42, but yeah it needs to be added.