[Owasp-leaders] What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.

Aaron Guzman aaron.guzman at owasp.org
Sat Nov 7 08:08:03 UTC 2015


Awesome! Thanks for sharing.

Other than the juicy details, here is a blurb to take note of if your position falls into these categories :)

	• Defenders – Anyone on your network and potentially the Internet can compromise many of your application servers, including some appliances.
	• Pentesters – This vulnerability is amazing. Runs in memory and isn’t going away anytime soon. Remote code execution in many many things including custom applications
	• Checkbox Checkers – Uncheck the boxes, you’re probably not compliant anymore (and let’s be honest, you probably never were)


BTW, this research was originally released at Appsec Cali 2015 - http://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles

Appsec Cali 2016 is quickly approaching (https://2016.appseccalifornia.org/) :)

--
Aaron Guzman
OWASP Los Angeles Board Member
Cloud Security Alliance LA/SoCal Research Director
aaron.guzman at owasp.org
Twitter: @scriptingxss
Linkedin: http://lnkd.in/bds3MgN


> On Nov 6, 2015, at 7:37 PM, Tom Brennan <tomb at owasp.org> wrote:
> 
> Great write up - take notice, take action.
> 
> http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
> 
> 
> Tom Brennan
> 973-506-9304
