Source |
Code White |
Identifiant |
351853 |
Date de publication |
2016-04-12 16:11:34 (vue: 2016-04-12 16:11:34) |
Titre |
Infiltrate 2016 Slidedeck: Java Deserialization Vulnerabilities |
Texte |
The outcome of Code White's research efforts into Java deserialization vulnerabilities was presented at Infiltrate 2016 by Matthias Kaiser.The talk gave an introduction into finding and exploiting Java deserialization vulnerabilities. Technical details about the Oracle Weblogic deserialization RCE (CVE-2015-4852) and a SAP Netweaver AS Java 0day were shown.The slidedeck doesn't include the SAP Netweaver AS Java 0day POC and it won't be published until fixed.It can be found here: http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-classStay tuned! |
Envoyé |
Oui |
Condensat |
can 0day 2015 2016 4852 about bug classstay code cve deserialization details doesn efforts exploiting finding fixed forgotten found gave here: http://www include infiltrate introduction java kaiser matthias net/codewhitesec/java netweaver oracle outcome poc presented published rce research sap shown slidedeck slidedeck: slideshare talk technical tuned until vulnerabilities weblogic white won |
Tags |
|
Stories |
|
Notes |
|
Move |
|