This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Java Deserialization Protection

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Java Deserialization Protection

PeteJacobCF
L3 Networker

‎04-18-2022 10:00 AM

Hello,

I am looking to enable the "Java Deserialization Protection" in my exploit profile.

 

I see the default is to leave it disabled.

 

anyone else have this enabled?

any advise or experience working with this?  

1 person had this problem.
3 REPLIES 3

eluis
L4 Transporter

‎04-18-2022 10:52 AM

Hi @PeteJacobCF ,

Im not sure if your post is because your organization works with Spring Framework which is affected as you know by a recent reported vulnerability (see  CVE-2022-22965 for more information). 

If possitive to the former, we at PANW  highly recommend to upgrade your spring framework to the release/s 5.3.18 and 5.2.20 and also your Cortex XDR agents to the latest release, and more specifically to release 7.7and content above 470-88704.

 

If somebody tries to exploit this vulnerability , it will be blocked by the Java Deserialization Exploit protection module, which will be active if you enable Known Vulnerable Processes Protection at the Linux Exploit Security profile.

Please check that  "Known Vulnerable Processes Protection" module is set to block, so that exploitation attempt is blocked and you will get an alert  of the type Suspicious Input Deserialization.

 

Hope this helps, 

Luis

 

0 Likes Likes

PeteJacobCF
L3 Networker
In response to eluis

‎04-19-2022 04:46 PM

@eluis thanks for the reply back man! I was just thinking that if its an available option now for windows if it would be good to enable it... I have read up on what it is but don't really understand fully what it is and what it does. I think for now I will just work on the "OpenSSL Infinite Loop Vulnerability" and put this on the back burner.  

0 Likes Likes

KanwarSingh01
L3 Networker

‎04-19-2022 05:37 PM

@PeteJacobCF If you have Java application using spring framework, i would assume it will be good to turn on this policy on your test system and work from there to implement to your live systems.

Kind Regards
KS
0 Likes Likes
  • 3461 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks