Full Disclosure mailing list archives
Re: SmartBear SoapUI - Remote Code Execution via Deserialization
From: Harrison Neal <hneal () whatdidibreak com>
Date: Sat, 07 Oct 2017 16:12:36 +0000
For users of the "next" branch, if you've built the project since Feb 3rd, you're probably safe (RMI/Cajo disabled and libraries updated): https://github.com/SmartBear/soapui/commit/42af23fb46d81b4c2121193b9eca9c5fd15f5b6a https://github.com/SmartBear/soapui/commit/0562c0f1357c526711eabf1a87dfb5622f92a721 -HN _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: SmartBear SoapUI - Remote Code Execution via Deserialization Harrison Neal (Oct 10)