
Why Are Deserialization Vulnerabilities So Popular?
In 2017, around 60 remote code execution (RCE) deserialization vulnerabilities were reported, not including deserialization issues that only impact the availability of a system (Denial-of-Service), according to cvedetails.com. To date, in 2018, more than 80 such vulnerabilities have been reported. In the past, WebLogic, Oracle’s Enterprise Java application server, has been extensively patched against deserialization issues.
The latest October 2018 Oracle Critical Patch Update (CPU) fixes another series of deserialization issues in WebLogic.
Because of this, I am often asked why Java deserialization vulnerabilities are being discovered so frequently. Is there a fun…
DZone Security Zone
Pavlos Papadopoulos