
DETECTION OVERVIEW

Unusual Java Deserialization

Risk Factors

Java deserialization vulnerabilities are commonly exploited by attackers and affect many Java applications and frameworks. Depending on the type of exploit, an attacker can steal data or gain control of a device.

The system might change the risk score for this detection.

Kill Chain

Exploitation

Risk Score

92

Detection diagram

Attack Background

Java is an object-oriented programming language that enables applications to interact with objects and run commands. To easily store or share Java objects between applications, objects are converted into a byte sequence, which is called serialization. After receiving serialized data, the application reconstructs the objects from the byte sequence, which is called deserialization.

Applications can end up running code from serialized data because serialization preserves the runtime state of each object and deserialization restores the objects in the order they appear in the stream. An attacker exploits this by inserting objects between linked objects, producing a manipulated sequence of objects known as a gadget chain.

Deserialization vulnerabilities in Java applications that trust user-provided data enable an attacker to inject objects into a gadget chain that run malicious commands. For example, an attacker-controlled client and the target server exchange serialized data over HTTP (1). The attacker crafts a payload of manipulated serialized data that inserts an object carrying a malicious command into a gadget chain (2). When the server deserializes the payload, it reconstructs the injected object and executes the malicious commands in the application's runtime.
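The network-side check this detection describes, as an added example that is not RevealX code: it spots Java serialization streams in HTTP bodies (raw `AC ED 00 05` or its base64 form `rO0AB...`), pulls out the root class name from the stream header, and flags the request as unusual when that class is not one the service normally receives. The expected-class prefix `com.example.` and the sample streams built by `make_sample_stream` are constructed assumptions for the demonstration.

```python
import base64
import re
import struct
from typing import Dict, List, Optional

STREAM_MAGIC = b"\xac\xed\x00\x05"                 # ObjectOutputStream header
B64_MAGIC = re.compile(rb"rO0AB[A-Za-z0-9+/]+=*")  # base64 form of that header
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72               # tags that open a plain object

def root_class_name(stream: bytes) -> Optional[str]:
    """Class name of the first object in a Java serialization stream, or None
    when the stream does not begin with TC_OBJECT followed by TC_CLASSDESC."""
    if len(stream) < 8 or not stream.startswith(STREAM_MAGIC):
        return None
    if stream[4] != TC_OBJECT or stream[5] != TC_CLASSDESC:
        return None
    (length,) = struct.unpack(">H", stream[6:8])   # modified-UTF-8 name length
    name = stream[8:8 + length]
    return name.decode("utf-8", "replace") if len(name) == length else None

def find_java_streams(body: bytes) -> List[bytes]:
    """Every serialization stream embedded in an HTTP body, raw or base64."""
    found = [body[i:] for i in range(len(body)) if body.startswith(STREAM_MAGIC, i)]
    for match in B64_MAGIC.finditer(body):
        token = match.group(0)
        try:
            found.append(base64.b64decode(token + b"=" * (-len(token) % 4)))
        except ValueError:
            pass                                   # not decodable: ignore token
    return found

def assess(body: bytes, expected_prefixes=("com.example.",)) -> Dict[str, object]:
    """Report serialized Java objects in the body and whether any root class
    falls outside the classes this service is expected to receive (assumed)."""
    classes = [root_class_name(s) for s in find_java_streams(body)]
    unusual = any(c is None or not c.startswith(tuple(expected_prefixes))
                  for c in classes)
    return {"serialized": bool(classes), "root_classes": classes, "unusual": unusual}

def make_sample_stream(class_name: str, as_form_field: bool = False) -> bytes:
    """Constructed test input: a minimal stream holding one object of a class
    with no fields, optionally base64-encoded inside a form parameter."""
    name = class_name.encode()
    stream = (STREAM_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC])
              + struct.pack(">H", len(name)) + name
              + b"\x00" * 8                        # serialVersionUID
              + b"\x02\x00\x00"                    # SC_SERIALIZABLE, no fields
              + b"\x78\x70")                       # TC_ENDBLOCKDATA, TC_NULL
    return b"data=" + base64.b64encode(stream) if as_form_field else stream
```

Only the stream header is parsed, which is enough to surface the root class; a full decoder would also walk nested class descriptors, where gadget-chain members typically appear.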

Mitigation Options

Make sure applications do not trust user-provided data

MITRE ATT&CK ID
