Java Serialization Object

Type: Passive Scan

Description

Java serialization appears to be in use. If deserialized input is not correctly validated, an attacker can send a specially crafted serialized object, which can lead to a dangerous "Remote Code Execution". A magic sequence identifying a Java Serialized Object (JSO) has been detected (Base64: rO0AB, Raw: 0xac, 0xed, 0x00, 0x05).
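As an added example (not part of this alert page and not ZAP's own rule code), the following Python reproduces the check this passive rule describes: it derives the Base64 prefix `rO0AB` from the raw stream header `0xac 0xed 0x00 0x05` and then looks for either form in response data. The HTTP response, cookie value and the bytes following the header are constructed for the example and are not a real serialized object.

```python
import base64

# Java serialization stream header: STREAM_MAGIC (0xACED) followed by
# STREAM_VERSION (0x0005), the "magic sequence" this alert looks for.
JSO_MAGIC = bytes([0xAC, 0xED, 0x00, 0x05])

# Base64 of the header is "rO0ABQ==" on its own. The first five characters
# depend only on the four header bytes, so "rO0AB" is a stable prefix whenever
# the serialized stream starts at the beginning of the Base64-encoded data.
JSO_B64_PREFIX = "rO0AB"

_B64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/")


def base64_magic_prefix() -> str:
    """Derive the stable Base64 prefix from the raw magic bytes."""
    encoded = base64.b64encode(JSO_MAGIC).decode("ascii")  # "rO0ABQ=="
    return encoded[:5]


def find_raw_jso(data: bytes) -> list[int]:
    """Return every byte offset at which a raw JSO header occurs."""
    offsets, start = [], 0
    while (i := data.find(JSO_MAGIC, start)) != -1:
        offsets.append(i)
        start = i + 1
    return offsets


def _base64_tokens(text: str, min_len: int = 8):
    """Yield maximal runs of Base64 alphabet characters plus optional '=' padding."""
    i, n = 0, len(text)
    while i < n:
        if text[i] in _B64_ALPHABET:
            j = i
            while j < n and text[j] in _B64_ALPHABET:
                j += 1
            k = j
            while k < n and k - j < 2 and text[k] == "=":
                k += 1
            if j - i >= min_len:
                yield text[i:k]
            i = k
        else:
            i += 1


def find_base64_jso(text: str) -> list[str]:
    """Return Base64 tokens whose decoded content starts with the JSO header."""
    hits = []
    for token in _base64_tokens(text):
        # Cheap prefix check first, exactly as the alert's Base64 signature suggests.
        if not token.startswith(JSO_B64_PREFIX):
            continue
        core = token.rstrip("=")
        if len(core) % 4 == 1:  # cannot be valid Base64
            continue
        try:
            decoded = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
        except ValueError:  # binascii.Error is a ValueError
            continue
        # Confirm on the decoded bytes so a coincidental "rO0AB..." string is not reported.
        if decoded.startswith(JSO_MAGIC):
            hits.append(token)
    return hits


# Constructed sample data (not captured from any real application).
# The bytes after the header mimic TC_OBJECT/TC_CLASSDESC plus a class name,
# but they are a fragment, not a complete serialized object.
SAMPLE_OBJECT = JSO_MAGIC + b"\x73\x72\x00\x0bexample.Foo"
SAMPLE_RAW_HEADER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/x-java-serialized-object\r\n\r\n"
)
SAMPLE_RAW_RESPONSE = SAMPLE_RAW_HEADER + SAMPLE_OBJECT

SAMPLE_B64_OBJECT = base64.b64encode(SAMPLE_OBJECT).decode("ascii")
SAMPLE_TEXT = (
    "Set-Cookie: session=" + SAMPLE_B64_OBJECT + "; Path=/\r\n"
    "X-Other: aGVsbG8gd29ybGQ=\r\n"  # "hello world", an unrelated Base64 value
)

if __name__ == "__main__":
    print("Base64 prefix:", base64_magic_prefix())
    print("Raw JSO offsets:", find_raw_jso(SAMPLE_RAW_RESPONSE))
    print("Base64 JSO tokens:", find_base64_jso(SAMPLE_TEXT))
```

The prefix check only fires when the serialized stream is at the start of the Base64 data; a stream embedded after other bytes in the same encoded blob shifts the alignment and the text signature `rO0AB` no longer appears, which is why the raw-byte search over decoded content is the more reliable of the two checks.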

Solution

Deserialization of untrusted data is inherently dangerous and should be avoided.

References

Code

Last updated: 2020-04-30 16:12:39.623Z