Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
- http://blog.cr0.org/2009/05/write-once-own-everyone.html
- http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html
- https://github.com/LAIR-RCC/InfSecurityRussianNLP
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/svartkanin/source_code_analyzer