Java deserialisation bug affects several software libraries

According to research by Foxglove Security, a Java deserialisation vulnerability affects more than 40 software libraries. Though it was initially thought that the deserialisation bug in Apache Commons Collections affected only popular software such as JBoss and WebSphere, the new research shows that at least 40 more libraries may be affected by the same bug.

Because of this vulnerability, a major risk comes from apps that accept serialised Java objects. Several popular open source libraries, including JMS Transport, Apache Directory API, hadoop-mapreduce-client-core and versions of the Webx All-in-one Bundle, are at risk. The vulnerability can be exploited by attackers to take control of application servers running the affected libraries.

Developers who use the above-mentioned libraries in their applications need to be aware of the risk and should check carefully whether they deserialise any kind of untrusted data. The need of the hour is for developers to review their libraries and get a clear picture of whether or not their technology is exposed to the deserialisation vulnerability.

Though it has been a while since the problem was first detected, it was not until last month, when a credible attack scenario was outlined, that much attention was paid to it. The main problem lies with apps that do not check untrusted input before deserialising it. And even though many software packages have been updated to date because of this bug, the major challenge is to address the problem in custom software procured from third parties.

Regarded as the “most underrated, underhyped vulnerability of 2015”, one major issue with this development is that several well-established and actively maintained applications are still deserialising user-supplied data.

For more information on Java software and Java programs visit


The Online Business Bureau -- 21441 Pacific Boulevard -- Suite 200 -- Sterling, VA 20166 -- 202-558-5282
Copyright © 2018 Online Business Bureau, L. C.. All Rights Reserved.
We are not affiliated with the Council of Better Business Bureaus, Inc.