Java deserialization is a class of security vulnerabilities that can result in server-side remote code execution (RCE). As many Oracle products are based on Java, deserialization bugs are found in many Oracle environments especially those using Oracle WebLogic, Oracle Fusion Middleware, and Oracle E-Business Suite. As an example, in November 2015 Oracle released an out-of-cycle security fix (CVE-2015-4852) in order to fix a deserialization bug in Oracle WebLogic. This education webinar provides an understanding of Java deserialization vulnerabilities, the potential impact for Oracle environments, and strategies to protect an Oracle environment from this class of security vulnerabilities.
File:
Attachment | Size |
---|---|
Integrigy Oracle Java Deserialization Vulnerabilities.pdf | 422.39 KB |
Tags:
Vulnerability, Oracle Database, Oracle E-Business Suite, Oracle Fusion Middleware