[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] SmartBear SoapUI - Remote Code Execution via Deserialization

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: Re: [FD] SmartBear SoapUI - Remote Code Execution via Deserialization
From: Harrison Neal <hneal@xxxxxxxxxxxxxxxxx>
Date: Sat, 07 Oct 2017 16:12:36 +0000

For users of the "next" branch, if you've built the project since Feb 3rd,
you're probably safe (RMI/Cajo disabled and libraries updated):

https://github.com/SmartBear/soapui/commit/42af23fb46d81b4c2121193b9eca9c5fd15f5b6a

https://github.com/SmartBear/soapui/commit/0562c0f1357c526711eabf1a87dfb5622f92a721

-HN

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE
Next by Date: Re: [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-)
Previous by thread: Re: [FD] ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE
Next by thread: Re: [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-)
Index(es):
- Date
- Thread