java security
About this tag
Discussions tagged with java security cover vulnerabilities and protections affecting Java applications on Windows and Azure. Topics include CVE-2025-48924 in Apache Commons Lang, which can cause uncontrolled recursion via ClassUtils.getClass, and CVE-2022-3509 in Google's Protocol Buffers Java implementation, a parsing bug leading to denial-of-service through excessive garbage collection. Also explored is Waratek Locker BYOS RASP, a runtime application self-protection approach for Java on Azure, and recovery from the older Exploit:Java/CVE-2013-1493, which involved browser redirects and required disabling Java. These threads emphasize patching, hardening, and validating security claims for Java deployments.
Apache Commons Lang’s ClassUtils.getClass(...) can be driven into uncontrolled recursion by very long inputs (CVE‑2025‑48924), but Microsoft’s public wording that “Azure Linux includes this open‑source library and is therefore potentially affected” is a product‑scoped attestation — authoritative...
CVE-2022-3509 is a parsing bug in Google’s Protocol Buffers Java implementation that can be triggered by crafted text‑format messages to force excessive object churn and long JVM garbage‑collection pauses, producing a denial‑of‑service (DoS) condition in vulnerable applications; operators should...
Waratek’s Locker promised a practical "bring your own security" (BYOS) approach for Java applications on Microsoft Azure — a lightweight, JVM‑embedded container that applies Runtime Application Self‑Protection (RASP) policies without touching application code — and while the idea remains...
We've recently been having problems with redirects when clicking the links of search results in our browsers (IE and Firefox). We tried a few different virus scans and nothing was able to find it. However, we did realize that Microsoft Security Essentials would not run when we clicked the...
browser security
computer safety
cve-2013-1493
cybersecurity
exploit
firefox
internet explorer
java
java security
malware
microsoft
redirect
remnants
research
security essentials
software
tech support
virus scan
vulnerability
web links