You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@zookeeper.apache.org by Samy Ateia <sa...@hotmail.de> on 2015/12/15 11:39:42 UTC

Is zookeeper affected by this vulnerability?

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

I' checked all my running servers for the commons collection package and zookeeper seems to use it.

Is there any endpoint that deserializes objects and can be exploited by a man-in-the-middle attack between two servers or a client and a server?

best regards,

Samy