Java Serialization Object

Risk:
Medium

Type:
Passive

CWE:
CWE-502

Summary: Java Serialization seems to be in use. If not correctly validated, an attacker can send a specially crafted object. This can lead to a dangerous “Remote Code Execution”. A magic sequence identifying JSO has been detected (Base64: rO0AB, Raw: 0xac, 0xed, 0x00, 0x05).

Solution: Deserialization of untrusted data is inherently dangerous and should be avoided.

References: https://www.oracle.com/java/technologies/javase/seccodeguide.html#8

Free security scan for your website

Don't show website scan report rating on the leaderboard