
Java security vulnerability may affect 40 more libraries than first feared


December 7, 2015

A so-called Java 'deserialisation security vulnerability' could affect as many as forty more software libraries than first feared, research revealed last month.

The deserialisation security flaw in Apache Commons Collections (ACC) affects popular application servers such as WebSphere and JBoss, FoxGlove Security reported in November.

However, new research by SourceClear, a maker of security tools for software developers, suggests that about forty additional software libraries could be affected by the same security flaw.

Libraries including Apache Directory API, JMS Transport, versions of Webx All-in-One Bundle, hadoop-mapreduce-client-core, and many more appear to be at risk as well.

“What makes this security bug so nasty is that it's not a flaw in Java itself, but instead a bug in a widely used library,” said Johannes Ullrich, CTO at the SANS Institute Internet Storm Center.

“Inventorying which libraries are used by which specific software is notoriously difficult,” added Ullrich.

“Several major enterprise software packages have been updated as a result, but the real challenge is internally written software, or custom software procured from third parties,” he added.

The issue has been understood for a while, but it attracted little attention until November, when a more credible attack scenario was outlined.

The root cause of the security issue is that applications do not validate or check untrusted input before handing it to Java deserialisation.

The security vulnerability could be exploited by attackers to take control of application servers running the affected libraries.

At its heart, the problem affects every application that accepts serialised Java objects.

As a proactive security measure, SourceClear recommends that developers review their code and libraries to determine whether their applications might be vulnerable to the Java deserialisation vulnerability.
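The root cause described above (no check on untrusted input before deserialisation) and the review SourceClear recommends both come down to one question: does the application let `ObjectInputStream` instantiate whatever class the incoming bytes name? The following Java program is an added illustration written for this page, not code from SourceClear, FoxGlove Security or any of the libraries mentioned. It puts the unguarded pattern beside a hardened stream that overrides `resolveClass` to enforce a class allow-list, so any class outside the list (the demo uses an ordinary `java.util.HashMap` as the stand-in for an unexpected type) is refused before it is instantiated. The `Greeting` class, the `ALLOWED` set and the method names are assumptions for the example.

```java
import java.io.*;
import java.util.*;

public class SafeDeserializationDemo {

    // A harmless application type the service legitimately expects to receive (assumed for the example).
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    // Allow-list of classes the application is prepared to deserialise (assumed for the example).
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
        Greeting.class.getName(),
        "java.lang.String"));

    // Hardened stream: every class descriptor is checked against the allow-list
    // before the class is resolved, so unexpected types never get instantiated.
    static final class AllowListObjectInputStream extends ObjectInputStream {
        AllowListObjectInputStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException("Refusing to deserialise " + desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    // Unguarded pattern: the stream instantiates whichever class the bytes name.
    static Object readUnsafe(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: same call, but through the allow-listing stream.
    static Object readSafe(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new AllowListObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Helper that produces the serialised bytes a client would send (constructed input).
    static byte[] serialise(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialise(new Greeting("hello"));
        byte[] unexpected = serialise(new HashMap<String, String>());

        // Both streams accept the expected type.
        System.out.println("unsafe: " + ((Greeting) readUnsafe(expected)).text);
        System.out.println("safe:   " + ((Greeting) readSafe(expected)).text);

        // Only the hardened stream refuses a type the application never asked for.
        System.out.println("unsafe: " + readUnsafe(unexpected).getClass().getName());
        try {
            readSafe(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("safe:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac SafeDeserializationDemo.java && java SafeDeserializationDemo`. The `resolveClass` override works on every Java version; on Java 9 and later the same allow-list can be expressed with the standard `java.io.ObjectInputFilter` instead of a subclass. Either way, the check complements, rather than replaces, the library inventory the article calls for: the allow-list only protects the entry points you know about, which is why reviewing which code paths accept serialised objects from the network is still the first step.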

Source: SourceClear Internet Security.
