[feature request] modules for java deserialization vulnerabilities
thesle3p opened this issue · comments
Several App servers were found to be vulnerable to java deserialization vulnerabilities The article below details exploitation for several app servers:
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
I don't know about those "foxglovesecurity" guys, sounds fishy to me.
It's a pretty well documented vulnerability though.
On Jan 12, 2016 5:53 PM, "Stephen Breen" notifications@github.com wrote:
I don't know about those "foxglovesecurity" guys, sounds fishy to me.
—
Reply to this email directly or view it on GitHub
#44 (comment).
@breenmachine made the original serialization post; he was being facetious :)
This issue is a duplicate of #42 , but yeah it needs to be added.