Red Hat Security Blog: July 2016 archives

  • Using the Java Security Manager in Enterprise Application Platform 7

    JBoss Enterprise Application Platform 7 allows the definition of Java Security Policies per application. The way it's implemented means that we'll also be able to define security policies per module, in addition to defining one per application. The ability to apply the Java Security Manager per application, or per module in EAP 7, makes it a versatile tool for mitigating serious security issues, and useful for applications with strict security requirements. The main difference between EAP 6...
    Posted 2016-07-13T13:30:00+00:00 - 0
  • Java Deserialization attacks on JBoss Middleware

    Recent research by Chris Frohoff and Gabriel Lawrence has exposed gadget chains in various libraries that allow code to be executed during object deserialization in Java. They've done some excellent research, including publishing some code that allows anyone to serialize a malicious payload that, when deserialized, runs the operating system command of their choice as the user that started the Java Virtual Machine (JVM). The vulnerabilities are not with the gadget chains themselves but with the...
    Posted 2016-07-06T13:30:00+00:00 - 1