Re: Cryptominer malware and Tomcat

2020-06-19 Thread Christopher Schultz
Pete,

On 6/17/20 17:44, Pete Helgren wrote:
> I am going to guess that it is one of these two known
> vulnerabilities:
>
> CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
> The JSONDeserializer of Flexjson allows the instantiation of

Re: Cryptominer malware and Tomcat

2020-06-18 Thread Olaf Kock
Hi Pete,

On 17.06.20 23:44, Pete Helgren wrote:
> I am going to guess that it is one of these two known vulnerabilities:
>
> CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
> The JSONDeserializer of Flexjson allows the instantiation of arbitrary
> classes and the invocation of

Re: Cryptominer malware and Tomcat

2020-06-17 Thread Pete Helgren
I am going to guess that it is one of these two known vulnerabilities:

CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
The JSONDeserializer of Flexjson allows the instantiation of arbitrary classes and the invocation of arbitrary setter methods.

CST-7205: Unauthenticated Remote

Cryptominer malware and Tomcat

2020-06-17 Thread Pete Helgren
I have a situation where I have had "Kinsing" crypto-mining software get installed twice on a VM that runs Liferay and Tomcat. Based on what I have read about this crypto-miner, it seems to target Linux VMs running Docker images and/or an open Redis port. I have none of that on this VM. The