Java Serialization Object
- Risk:
Medium
- Type:
- Passive
- CWE:
- 502
- Summary
- Java Serialization seems to be in use. If not correctly validated, an attacker can send a specially crafted object. This can lead to a dangerous “Remote Code Execution”. A magic sequence identifying JSO has been detected (Base64: rO0AB, Raw: 0xac, 0xed, 0x00, 0x05).
- Solution
- Deserialization of untrusted data is inherently dangerous and should be avoided.