IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.
GitHub

software-engineering-and-security/gadgetbuilder

For more information, we refer to the reference publication. If you are overwhelmed by the fragment construction (trampoline + chain + sinkadapter), do not worry! We set default values (here) for ...
CSOonline

SolarWinds fixes Web Help Desk patch bypass for actively exploited flaw — again

‘Third time’s the charm?’ asks a prominent security researcher after what appears to be the same critical Java deserialization flaw gets a third security update. SolarWinds has released a third patch ...
GitHub

[Java]deserialize exception when map put null value

What did you see instead? java.lang.IndexOutOfBoundsException: readerIndex(54) + length(1) exceeds size(54): org.apache.fory.memory.MemoryBuffer$BoundChecker@61b615b2 ...
CSOonline

Critical deserialization bugs in Adobe, Oracle software actively exploited, warns CISA

CISA is warning Adobe and Oracle customers about in-the-wild exploitation of critical vulnerabilities affecting the services of these leading enterprise software providers. The US cybersecurity ...
Bleeping Computer

Apache warns of critical flaws in MINA, HugeGraph, Traffic Control

The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. The vulnerabilities were patched in new ...
Dark Reading

Patch Now: Second SolarWinds Critical Bug in Web Help Desk

For the second week in a row, SolarWinds has released a patch for a critical vulnerability in its IT help and ticketing software, Web Help Desk (WHD). According to its latest hotfix notice, the issue ...
SecurityWeek

SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day

The US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild. The US cybersecurity agency CISA on Thursday warned that a fresh ...
Infosecurity-magazine.com

SolarWinds Urges Upgrade After Revealing Critical RCE Bug

IT management software provider SolarWinds has urged customers to immediately patch a critical vulnerability in its Web Help Desk platform. CVE-2024-28986 is a Java deserialization remote code ...
Dark Reading

SolarWinds: Critical RCE Bug Requires Urgent Patch

SolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986. This vulnerability is a Java deserialization remote ...
SecurityWeek

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

SolarWinds has released a hotfix for a critical Java deserialization remote code execution vulnerability in Web Help Desk. SolarWinds has released a hotfix to address a critical-severity vulnerability ...