Why Are Deserialization Vulnerabilities So Popular?

In 2017, around 60 remote code execution (RCE) deserialization vulnerabilities were reported, not including deserialization issues that only impact the availability of a system (Denial-of-Service), according to cvedetails.com. To date, in 2018, more than 80 such vulnerabilities have been reported. In the past, WebLogic, Oracle’s Enterprise Java application server, has been extensively patched against deserialization issues.

The latest October 2018 Oracle Critical Patch Update (CPU) fixes another series of deserialization issues in WebLogic.

Because of this, I am often asked why Java deserialization vulnerabilities are being discovered so frequently? Is there a fun…
DZone Security Zone

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.