When an application that has unsupported Codehaus versions of Groovy (1.7.0 to 2.4.3) or Apache Groovy 2.4.4 to 2.4.7 on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, a malicious user could craft a special serialized object that executes code directly when deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects were subject to this vulnerability.
Vulnerable Product |
---|
apache groovy |
redhat enterprise linux server 7.0 |
Brrrt! Brrrt! Brrrt! Big Red's bug gun targets 252 bugs, and you for not patching fast enough
Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day! Oracle opens its bulletin with news that it "... continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes." "In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customer...