PhillipBlanton.com

"Save me, oh God, from people who have no sense of humor."
— Ludlow Porch

Remediating the Java Deserialization Vulnerability

The most under-reported software vulnerability of 2015 is turning out to be a flaw in Java deserialization. It hasn't been given a fancy name or featured in wildly overstated "news" articles designed to sell more subscriptions to LifeLock, but it is very dangerous nonetheless. Here is a good, in-depth article that describes the vulnerability, provides some resources for determining whether you are affected, and gives some details for crafting your own exploits if you are so inclined.

https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/