Hi Pete,
On 17.06.20 23:44, Pete Helgren wrote:
> I am going to guess that it is one of these two known vulnerabilities:
>
> CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
> The JSONDeserializer of Flexjson allows the instantiation of arbitrary
> classes and the invocation of arbitr
I am going to guess that it is one of these two known vulnerabilities:
CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
The JSONDeserializer of Flexjson allows the instantiation of arbitrary
classes and the invocation of arbitrary setter methods.
CST-7205: Unauthenticated Remote c
I have a situation where I have had "Kinsing" crypto-mining software get
installed twice on a VM that runs Liferay and Tomcat. Based on what I
have read about this crypto-miner, it seems to target Linux VMs running
Docker images and/or an open redis port. I have none of that on this VM.
The
Hi Chris,
Thanks for your reply. Thanks also for your warning against interfering with
the setting allowedRequestAttributesPattern ('Setting the value to ".*" is a
violation of sane security policy'). I guessed as much, and am grateful for
your confirmation.
On the subject of mod_jk, we are ap
Hi All,
Can we get a callback notification when an http/http2 connection is
opened/closed in embedded Tomcat?
Thanks and Regards
Arshiya Shariff