Java Deserialization Protection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Java Deserialization Protection

L3 Networker

Hello,

I am looking to enable the "Java Deserialization Protection" in my exploit profile.

 

I see the default is to leave it disabled.

 

anyone else have this enabled?

any advise or experience working with this?  

3 REPLIES 3

L4 Transporter

Hi @PeteJacobCF ,

Im not sure if your post is because your organization works with Spring Framework which is affected as you know by a recent reported vulnerability (see  CVE-2022-22965 for more information). 

If possitive to the former, we at PANW  highly recommend to upgrade your spring framework to the release/s 5.3.18 and 5.2.20 and also your Cortex XDR agents to the latest release, and more specifically to release 7.7and content above 470-88704.

 

If somebody tries to exploit this vulnerability , it will be blocked by the Java Deserialization Exploit protection module, which will be active if you enable Known Vulnerable Processes Protection at the Linux Exploit Security profile.

Please check that  "Known Vulnerable Processes Protection" module is set to block, so that exploitation attempt is blocked and you will get an alert  of the type Suspicious Input Deserialization.

 

Hope this helps, 

Luis

 

@eluis thanks for the reply back man! I was just thinking that if its an available option now for windows if it would be good to enable it... I have read up on what it is but don't really understand fully what it is and what it does. I think for now I will just work on the "OpenSSL Infinite Loop Vulnerability" and put this on the back burner.  

L3 Networker

@PeteJacobCF If you have Java application using spring framework, i would assume it will be good to turn on this policy on your test system and work from there to implement to your live systems.

Kind Regards
KS
  • 3262 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!