IBM WebSphere Java Object Deserialization RCE
Critical Nessus Plugin ID 87171
SynopsisThe remote WebSphere Application Server is affected by a remote code
DescriptionThe remote IBM WebSphere Application Server is affected by a remote
code execution vulnerability due to unsafe deserialize calls of
unauthenticated Java objects to the Apache Commons Collections (ACC)
library. An unauthenticated, remote attacker can exploit this, by
sending a crafted SOAP request, to execute arbitrary code on the
SolutionApply the appropriate interim fix per the vendor advisory.
Alternatively, ensure that all exposed ports used by the WebSphere
Application Server are firewalled from any public networks.