Two months ago, a Java zero-day vulnerability (CVE-2015-4852) targeting the Apache Commons Collections library was disclosed. The vulnerability arises when a Java application that uses the Apache Commons Collections library deserializes objects from untrusted network sources.
Our Fortinet IPS team immediately created a signature, "Apache.Commons.Collection.InvokerTransformer.Code.Execution", to protect our customers, and continues to monitor it. In the 2 months since creating the initial signature, we have seen it triggered on average 400 times a day from 50 different FortiGates. This alert rate is not very high; however, these alerts are genuine, not false positives, and come from real attacks. Let's take a closer look at the payload found in the traffic and what it does throughout an attack.
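A heuristic check for the class the signature name refers to, as an added example (not Fortinet's signature logic and not code from the original post): it locates a serialized Java stream in raw or base64 form and lists the class names it declares. The watch list, function names and sample bytes are constructed for illustration.

```python
import base64
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization magic + stream version 5
TC_CLASSDESC = 0x72                  # type code that opens a class descriptor
CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?")
# Assumed watch list for this example; extend it for your environment.
WATCHED = {"org.apache.commons.collections.functors.InvokerTransformer"}


def class_names(stream: bytes) -> list[str]:
    """Heuristic scan (not a full parser): names declared by TC_CLASSDESC records."""
    names, i = [], len(STREAM_MAGIC)
    while i + 3 <= len(stream):
        if stream[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", stream, i + 1)
            raw = stream[i + 3:i + 3 + length]
            if length and len(raw) == length and CLASS_NAME.fullmatch(raw):
                names.append(raw.decode("ascii"))
                i += 3 + length
                continue
        i += 1
    return names


def inspect(payload: bytes) -> dict:
    """Find a serialized Java object in a payload and flag watched classes."""
    start = payload.find(STREAM_MAGIC)
    if start < 0:
        # "rO0AB" is how AC ED 00 05 looks once base64-encoded.
        b64 = re.search(rb"rO0AB[A-Za-z0-9+/=]+", payload)
        if not b64:
            return {"serialized": False, "classes": [], "hits": []}
        text = b64.group().rstrip(b"=")
        text = text[:len(text) - len(text) % 4]  # decode whole 4-char groups only
        payload, start = base64.b64decode(text), 0
    names = class_names(payload[start:])
    return {"serialized": True, "classes": names,
            "hits": sorted(WATCHED.intersection(names))}


def sample_classdesc(name: str) -> bytes:
    """Constructed record: TC_OBJECT, TC_CLASSDESC, name, zero UID, flags, no fields."""
    raw = name.encode("ascii")
    return (b"\x73\x72" + struct.pack(">H", len(raw)) + raw
            + bytes(8) + b"\x02\x00\x00\x78\x70")


# Constructed sample stream: class descriptors only, no working object graph.
SAMPLE = (STREAM_MAGIC + sample_classdesc("java.util.HashSet")
          + sample_classdesc("org.apache.commons.collections.functors.InvokerTransformer"))
```

A hit means only that the class name appears in a serialized stream; whether the receiving application is exposed depends on what it deserializes and which library version is on its classpath.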
Apache Commons Collections Under Attack | Fortinet Blog