Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-25 Thread Daniel Savard
2016-05-25 13:42 GMT-04:00 Mark Thomas: (...) > For example, this issue only applies if you are using JMX/RMI. If you > are, it is likely to be a significant risk. If you aren't, it won't > affect you. One of the reasons I published that blog post was to provide > folks with

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-25 Thread Mark Thomas
On 25/05/2016 16:12, Christopher Schultz wrote: > Mark, > > On 5/24/16 10:06 AM, Mark Thomas wrote: >> TL;DR If you use remote JMX, you need to update your JVM to address >> CVE-2016-3427 > >> For the longer version, see the blog post I just published on >> this:

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-25 Thread Christopher Schultz
David, On 5/25/16 11:41 AM, David kerber wrote: > On 5/25/2016 11:12 AM, Christopher Schultz wrote: >> Mark, >> >> On 5/24/16 10:06 AM, Mark Thomas wrote: >>> TL;DR If you use remote JMX, you need

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-25 Thread David kerber
On 5/25/2016 11:12 AM, Christopher Schultz wrote: Mark, On 5/24/16 10:06 AM, Mark Thomas wrote: TL;DR If you use remote JMX, you need to update your JVM to address CVE-2016-3427 For the longer version, see the blog post I just published on this:

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-25 Thread Woonsan Ko
On Wed, May 25, 2016 at 11:12 AM, Christopher Schultz wrote: > Mark, > > On 5/24/16 10:06 AM, Mark Thomas wrote: >> TL;DR If you use remote JMX, you need to update your JVM to address >> CVE-2016-3427 >> >> For the

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-25 Thread Christopher Schultz
Mark, On 5/24/16 10:06 AM, Mark Thomas wrote: > TL;DR If you use remote JMX, you need to update your JVM to address > CVE-2016-3427 > > For the longer version, see the blog post I just published on > this:

[SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-24 Thread Mark Thomas
TL;DR If you use remote JMX, you need to update your JVM to address CVE-2016-3427 For the longer version, see the blog post I just published on this: http://engineering.pivotal.io/post/java-deserialization-jmx/ Mark