
Method and device for protecting deserialized vulnerabilities

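A deserialization-vulnerability protection technique, applied in the field of financial technology. It addresses the problems of prior approaches: they affect the normal function of WebLogic, their scope of influence is too large, and they cannot protect against newly appearing vulnerable classes.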

Active Publication Date: 2019-08-23
WEBANK (CHINA)

AI Technical Summary

Problems solved by technology

[0003] WebLogic has a Java deserialization vulnerability. When an attacker sends carefully constructed deserialization data to WebLogic, the vulnerability is triggered and the operation specified by the attacker is executed. The attacker can then control the server and steal data in the database, causing serious impact.
[0004] In the prior art, deserialization of classes known to have deserialization vulnerabilities is usually prohibited. However, when a new class that causes a deserialization vulnerability appears, the vulnerability can still be exploited and cannot be protected against.
When a class is replaced or deleted instead, the scope of influence is too large because the replaced class is a basic Java class; and when a class is deleted, functions that depend on it can no longer be used, which may affect the normal functions of WebLogic.

Embodiment Construction

[0047] In order to make the purpose, technical solutions, and beneficial effects of the present application clearer, the following further describes the present application in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the application, but not to limit the application.

[0048] To facilitate understanding, the terms involved in the embodiments of the present application are explained below.

[0049] WebLogic: WebLogic is an application server produced by Oracle Corporation of the United States. To be precise, it is middleware based on the Java EE (Java Platform, Enterprise Edition) architecture. WebLogic is a Java application server used to develop, integrate, deploy and manage large-scale distributed Web applications, network applications and database applications. It introduces the dynamic functions of Java and the security of Java Enterprise standards int...

Abstract

The invention relates to the field of financial technology and to the technical field of computers, and discloses a method and a device for protecting against deserialization vulnerabilities. The method comprises the following steps: a WebLogic server receives a data request sent by at least one client and determines whether the data request comprises T3/T3S protocol data; if the WebLogic server determines that the data request comprises T3/T3S protocol data, it determines, according to the Internet Protocol (IP) address of the client and a pre-configured IP address whitelist, whether the IP address of the client is a trusted IP address; and if the WebLogic server determines that the IP address of the client is a trusted IP address, it processes the T3/T3S protocol data. By setting the whitelist in the WebLogic server, attacks on deserialization vulnerabilities are prevented as far as possible, and the security of the WebLogic server is improved.
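The decision flow in the abstract, written out as an added Python example (not code from the patent or from WebLogic). The allowlist entries, the function names, the "t3 " handshake-prefix check and the handling of non-T3 and untrusted requests are assumptions made for illustration.

```python
import ipaddress

# Constructed allowlist; real entries would come from the server's configuration.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.15/32")]


def is_t3_request(first_bytes: bytes) -> bool:
    """Assumption: a T3 connection opens with the ASCII line 't3 <version>'.
    For T3S the same check runs on the bytes recovered after TLS termination."""
    return first_bytes.startswith(b"t3 ")


def is_trusted(client_ip: str, networks=TRUSTED_NETWORKS) -> bool:
    """True only if the client address lies inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparseable peer address is never trusted
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d;
    # unwrap so they are matched against the IPv4 allowlist entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in networks)


def decide(client_ip: str, first_bytes: bytes) -> str:
    """Apply the steps in order: protocol check, then IP allowlist check."""
    if not is_t3_request(first_bytes):
        return "not-t3"      # assumption: other protocols take the normal path
    if is_trusted(client_ip):
        return "process-t3"  # trusted client: hand the T3/T3S data to the server
    return "reject-t3"       # assumption: dropped before any deserialization


if __name__ == "__main__":
    handshake = b"t3 12.2.1\nAS:255\nHL:19\n\n"  # constructed sample input
    for ip in ("10.20.0.7", "203.0.113.9", "::ffff:10.20.0.7"):
        print(ip, decide(ip, handshake))
    print("203.0.113.9", decide("203.0.113.9", b"GET / HTTP/1.1\r\n"))
```

The check is default-deny for T3/T3S: any source that is not explicitly listed, or whose address cannot be parsed, is rejected.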

Description

Technical field

[0001] The present invention relates to the technical field of financial technology (Fintech), in particular to a method and device for protecting against deserialization vulnerabilities.

Background technique

[0002] WebLogic is middleware based on the Java EE architecture, which can be used as a Java application server for the development, integration, deployment and management of large-scale distributed Web applications, network applications and database applications. It is widely used in government, finance, medical, transportation, education, scientific research and other industries and fields.

[0003] WebLogic has a Java deserialization vulnerability. When an attacker sends carefully constructed deserialization data to WebLogic, the vulnerability is triggered and the operation specified by the attacker is executed, which can be used to control the server and steal data in the database, causing serious impact.

[0004] In the prior art, it is generally forbidden to deserialize clas...

Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1433, H04L63/1458, H04L63/101, H04L67/025, H04L69/162
Inventor: 郑祎
Owner: WEBANK (CHINA)