Abstract
At the end of 2015, the Java deserialization vulnerability in the Apache Commons Collections base class library had a massive impact on Java-based web containers worldwide. This paper analyses the serialization and deserialization process, explains in detail how a deserialization vulnerability is used to achieve remote code execution (RCE), and proposes security inspection of deserialized input as an effective way to counter this class of vulnerability.
At the end of 2015, the deserialization vulnerability involving the Apache Commons Collections base class library affected Java web containers all over the world. This thesis analyses the process of serialization and deserialization and studies the method of remote code execution (RCE) that uses the deserialization vulnerability. Security inspection is an effective method to counter this kind of vulnerability.
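The "security inspection" the abstract refers to is, in practice, a check on what the JVM is about to deserialize before any object graph is reconstructed. The following is an added example, not code from the paper or from Apache Commons Collections: it wraps `ObjectInputStream` and overrides `resolveClass` so that only classes on an explicit allowlist may be instantiated from the stream. The allowlist contents and the `deserializeChecked` helper are assumptions chosen for illustration; the `ObjectInputStream`, `ObjectStreamClass` and `InvalidClassException` APIs are standard JDK.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.HashMap;
import java.util.Set;

public class SafeDeserialization {

    // Hypothetical allowlist for this example: the only classes the
    // application expects in its wire format. java.lang.Number is listed
    // because the stream carries the superclass descriptor of Integer and
    // resolveClass is invoked for it as well.
    private static final Set<String> ALLOWED = Set.of(
            "java.lang.Integer",
            "java.lang.Number");

    // ObjectInputStream that refuses to resolve any class descriptor not on
    // the allowlist. resolveClass runs before the object is instantiated,
    // so gadget classes in the stream are rejected instead of executed.
    static final class AllowlistObjectInputStream extends ObjectInputStream {
        AllowlistObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            if (!ALLOWED.contains(name)) {
                throw new InvalidClassException(name,
                        "class is not on the deserialization allowlist");
            }
            return super.resolveClass(desc);
        }
    }

    // Helper to produce serialized bytes for the demonstration below.
    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(value);
        }
        return bytes.toByteArray();
    }

    // Deserialize with the class check applied.
    public static Object deserializeChecked(byte[] data)
            throws IOException, ClassNotFoundException {
        try (AllowlistObjectInputStream in =
                     new AllowlistObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an Integer is on the allowlist and is accepted.
        Object accepted = deserializeChecked(serialize(Integer.valueOf(42)));
        System.out.println("accepted: " + accepted);

        // Constructed input: a HashMap is not on the allowlist, so the
        // stream is rejected before any of its contents are materialized.
        try {
            deserializeChecked(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On Java 9 and later the same check can be expressed without subclassing by installing a serialization filter, for example `in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("java.lang.Integer;java.lang.Number;!*"))`, where the trailing `!*` rejects everything not explicitly listed. Either way the key property is the same: the decision is made on the class descriptor before the object is constructed, which is what stops a gadget chain such as the Commons Collections one from ever running.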
Keywords
serialization
deserialization vulnerability
remote code execution
security inspection