Vulnerability in Java Deserialization Affecting Cisco Products – 2019 Jan

Cause: A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code.

Remark: Researchers have found complex object graphs which, when deserialized, can lead to remote code execution in most Java software.

Official announcement:
