Skip to navigation Skip to main content Skip to footer
Research

Java RMI Registry.bind() Unvalidated Deserialization

By NCC Group Publication Archive

23 January 2017

Research Cyber Security Technical advisories

Title                             Java RMI Registry.bind() Unvalidated Deserialization
Reference                   VT-87
Discoverer                  Nick Bloor (@NickstaDB)
Vendor                        Oracle
Vendor Reference     S0818584
Systems Affected       Java SE <= 6u131, <= 7u121, <= 8u112, Java SE Embedded <= 8u111, JRockit <= R28.3.12
CVE Reference           CVE-2017-3241
Risk                              Critical
Status                          Fixed

Download technical advisory

NCC Group Publication Archive

NCC Group Publication Archive