Today VMWare has released a security advisory VMSA-2015-0009 that address a critical deserialization vulnerability. A deserialization vulnerability involving Apache Commons-collections and a specially constructed chain of classes exists. Successful exploitation could result in remote code execution, with the permissions of the application using the Commons-collections library.
More details are available at the VMWare Security Advisory page located at http://www.vmware.com/security/advisories/VMSA-2015-0009.html.
Russell EubanksA Practical Introduction to Risk Assessment - SANSFIRE 2020
Dec 19th 2015
4 years ago