lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 07 Oct 2017 16:12:36 +0000 From: Harrison Neal <hneal@...tdidibreak.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] SmartBear SoapUI - Remote Code Execution via Deserialization For users of the "next" branch, if you've built the project since Feb 3rd, you're probably safe (RMI/Cajo disabled and libraries updated): https://github.com/SmartBear/soapui/commit/42af23fb46d81b4c2121193b9eca9c5fd15f5b6a https://github.com/SmartBear/soapui/commit/0562c0f1357c526711eabf1a87dfb5622f92a721 -HN _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/