...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
OBJ06-J | Medium | Probable | High | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | 9.5 | SECURITY.EAB.CPCL, SECURITY.EAB.MPT, SECURITY.EAB.SMO, OOP.MUCOP | Implemented |
Related Vulnerabilities
CVE-2012-0507 describes an exploit that managed to bypass Java's applet security sandbox and run malicious code on a remote user's machine. The exploit created a data structure that is normally impossible to create in Java but was built using deserialization, and the deserialization process did not perform defensive copies of the deserialized data. See the code examples in SER07-J. Do not use the default serialized form for classes with implementation-defined invariants for more information.
...