
Method and device for detecting deserialized vulnerabilities

A deserialization vulnerability detection technique, applied in the field of financial technology, that addresses the problems of triggered vulnerabilities, their impact, and the lack of a deserialization vulnerability detection method.

Pending Publication Date: 2019-09-24
WEBANK (CHINA)

AI Technical Summary

Problems solved by technology

[0004] WebLogic has a Java deserialization vulnerability. When an attacker sends carefully constructed deserialization data to WebLogic, the vulnerability is triggered and the operation specified by the attacker is executed, which allows the attacker to control the server and steal data from the database, with serious impact.

[0005] In the prior art there is a detection method only for the deserialization vulnerability of the T3 protocol and none for that of the T3S protocol, so a detection method for the deserialization vulnerability of the T3S protocol is urgently needed.


Embodiment Construction

[0056] In order to make the purpose, technical solutions and beneficial effects of the present application clearer, the present application will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit the present application.

[0057] For the convenience of understanding, the nouns involved in the embodiments of the present application are explained below.

[0058] WebLogic: WebLogic is an application server produced by Oracle Corporation in the United States. To be precise, it is middleware based on the Java EE (Java Platform, Enterprise Edition) architecture: a Java application server used to develop, integrate, deploy and manage large-scale distributed Web applications, network applications and database applications. Introduce the dynamic functions of Java and the sec...


Abstract

The invention relates to the field of financial technology and discloses a method and device for detecting deserialization vulnerabilities. The method comprises the following steps: obtaining a vulnerability detection task and accessing a service port of a WebLogic server through the Secure Sockets Layer (SSL) protocol; if the service port of the WebLogic server is accessed successfully, determining whether that service port supports the T3S protocol service; and if the service port supports the T3S protocol service and the connection to the Remote Method Invocation (RMI) service of the WebLogic server succeeds, determining that the WebLogic server has the WebLogic Java deserialization vulnerability of the T3S protocol. The method provides deserialization vulnerability detection for the T3S protocol. Because detection proceeds only once the service port is known to be accessible and to support the T3S protocol service, detection efficiency is improved.
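The staged check in the abstract, as an added Python example that is not code from the patent or from WebLogic. The `HELLO` line and the `HELO:` reply format are assumptions based on the commonly documented T3 bootstrap exchange, `rmi_probe` is a hypothetical caller-supplied check because the page does not say how the RMI connection is tested, and all names are illustrative.

```python
import socket
import ssl
from enum import Enum

class Finding(Enum):
    PORT_UNREACHABLE = "service port not reachable over SSL"
    NO_T3S = "port reachable, no T3S service"
    T3S_NO_RMI = "T3S service present, RMI connection failed"
    T3S_RMI = "T3S service present and RMI connected: reported as vulnerable"

# Assumed bootstrap line and reply prefix (commonly documented T3 handshake,
# not taken from the patent text).
HELLO = b"t3s 12.2.1\nAS:255\nHL:19\n\n"

def tls_exchange(host, port, timeout=5.0):
    """Stage 1 transport: TLS to the service port, send HELLO, return first reply."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inventory scan of your own listeners, which
    ctx.verify_mode = ssl.CERT_NONE  # often present self-signed certificates
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(HELLO)
            return tls.recv(1024)

def parse_helo(reply):
    """Stage 2: return the advertised version if the reply is a HELO line, else None."""
    first = reply.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    if not first.startswith("HELO:"):
        return None
    body = first[len("HELO:"):]
    head, _, tail = body.rpartition(".")
    return head if head and tail in ("true", "false") else (body or None)

def assess(host, port, exchange=tls_exchange, rmi_probe=lambda h, p: False):
    """Run the stages in order, stopping at the first that fails.
    rmi_probe is a hypothetical caller-supplied stage-3 check."""
    try:
        reply = exchange(host, port)
    except OSError:                  # includes ssl.SSLError and timeouts
        return Finding.PORT_UNREACHABLE, None
    version = parse_helo(reply)
    if version is None:
        return Finding.NO_T3S, None
    if not rmi_probe(host, port):
        return Finding.T3S_NO_RMI, version
    return Finding.T3S_RMI, version
```

Passing a fake `exchange` lets the decision logic be exercised offline against captured or constructed replies before it is pointed at real listeners.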

Description

Technical field

[0001] The invention relates to the technical field of financial technology (Fintech), in particular to a detection method and device for deserialization vulnerabilities.

Background

[0002] WebLogic is a middleware based on Java EE architecture, which can be used as a Java application server for developing, integrating, deploying and managing large-scale distributed web applications, network applications and database applications. It is widely used in government, finance, medical care, transportation, education, scientific research and other industries and fields.

[0003] When WebLogic uses the T3S protocol for service management, the protocol of the provided Web service is HTTPS; when it uses the T3 protocol for service management, the protocol of the provided Web service is HTTP. Therefore, the services provided by WebLogic using the T3S protocol have higher security requirements, indicating that the business functions supported by such WebLogic serv...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor 郑祎
Owner WEBANK (CHINA)