Serialized Object Found
Impact: High
Description
Object serialization allows transferring complex data structures over channels like HTTP. However, the presence of a serialized object within the application indicates potential vulnerabilities related to object deserialization. Deserialization of objects from untrusted sources can lead to various security risks, including remote code execution and data tampering.
Recommendation
To address the risk associated with serialized objects:
- Evaluate the necessity of deserializing objects from untrusted sources and minimize such dependencies wherever possible.
- Implement strict validation mechanisms to ensure that only trusted and properly formatted serialized objects are accepted.
- Consider using safer alternatives to object serialization, such as JSON or XML, which offer better security controls.
- Employ runtime protections and monitor for any anomalous deserialization activities that could indicate exploitation attempts.
References
👉 You might also like:
Insecure Deserialization Remote Code Execution - Vulnerability
Insecure Deserialization - Vulnerability
Old/Backup Resource Found - Vulnerability
phpinfo() Found - Vulnerability
Last updated on May 13, 2024