tomcat-users mailing list archives

From Johan Compagner <jcompag...@servoy.com>
Subject Re: java deserialization vulnerability for Tomcat 7/8
Date Wed, 11 Nov 2015 13:53:53 GMT
On 11 November 2015 at 14:44, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Tomcat could potentially be
> used as an attack vector against a system by someone with write-access
> to the part of the filesystem where Tomcat stores its serialized session
> objects during a restart
>

If you already can do that... then I think there are other problems first ;)


-- 
Johan Compagner
Servoy
