deserialization – Page 5 – WindowsTechs.com

VU#112992: Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

Posted on September 6, 2017 by CERT

Apache Struts 2 framework,versions 2.5 to 2.5.12,with REST plugin insecurely deserializes untrusted XML data. A remote,unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Continue reading VU#112992: Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data→

VU#307983: Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references

Posted on April 4, 2017 by CERT

Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Continue reading VU#307983: Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references→