Serialization: Protecting Enterprise Critical Applications

By Waratek | July 12, 2019 (updated July 15, 2019) | Blog, Enterprise Applications

Enterprise organizations have built much of their foundations on Oracle’s WebLogic servers. As ubiquitous as they are, it’s no wonder that they are often the target of sophisticated attacks aimed at harvesting sensitive data.

It’s no surprise that large companies panicked when a zero-day vulnerability (CVE-2019-2725) was announced in WebLogic application servers. The remote code execution vulnerability required no authentication and could result in a complete system compromise. While word of the new threat was still spreading, attackers were already working on an exploit: the day after Oracle released a critical patch for its premium customers, WebLogic servers were seeing their first ransomware attacks.

So, what exactly is this zero-day vulnerability, and why has it been so attractive to attackers? To answer that, we need to take a look at serialization, or rather its darker side: deserialization.

Read more at Security Boulevard.


Author: Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission-critical web applications using our next-generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and zero-day attacks, and virtually upgrade out-of-support Java applications, all without time-consuming and expensive source code changes or unacceptable performance overhead.
