Java serialized object injection attempt


Description   Some Java classes are known to be vulnerable to unsafe deserialization, which can lead to remote code execution. If you want to block all Java serialized objects carried over the HTTP protocol, you can use this signature. Keep in mind that some software uses serialized objects for its communications, so blocking them may disrupt legitimate traffic. This signature only works on the HTTP protocol.
     
Default configuration

Profiles      High    Medium   Low      Internet
Action        Pass    Pass     Pass     Pass
Alarm Level   Minor   Ignore   Ignore   Ignore
     
References   URL: https://github.com/frohoff/ysoserial
URL: https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
     
Available since   ASQ v5.0.0
     
Protects   Apache Camel Java Object Deserialization Vulnerabilities Fixed by 2.16.5, 2.17.5 and 2.18.2
Apache Groovy Remote Code Execution Vulnerability Fixed by 2.4.8
Red Hat JBoss Enterprise Application Platform JMX Serialization Remote Code Execution Vulnerability
Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability
100 last CVE   CVE-2017-3159
CVE-2016-8749
CVE-2016-7065
CVE-2016-6814
CVE-2016-1000031


 
 
 
 
Risk level   Moderate