152: XML Beware

A short minisode on Apache Struts, XML deserialisation attacks, and Equifax. XML? Be cautious!

- Severe security vulnerability found in Apache Struts using lgtm.com (CVE-2017-9805)
- CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin
- Apache Struts Statement on Equifax Security Breach
- Apache Struts Security Bulletins
- OWASP Dependency Check
- struts-pwn - an exploit tester
- Remotely Exploitable Java Zero Day Exploits through Deserialization (2015 alert for Apache Commons Collections 3.x)
- A critical Apache Struts security flaw makes it 'easy' to hack Fortune 100 firms

Upgrade your s**t!

About the Podcast

Greg, Mark and Richard get together weekly and talk about things of interest in the Java community. Greg works for SimWorks (http://www.simworks.com), who specialize in mobile phone software. Mark works for SecureMX (www.smx.co.nz). Richard works for Blue Train Software (http://www.bluetrainsoftware.com).