Description
It was determined that your web application is performing Java object deserialization of user-supplied data. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data. Consult Web references section for more information about this issue.
Remediation
Java object deserialization should not be performed on user-supplied data.
References
AppSecCali 2015 - Marshalling Pickles
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common?
Related Vulnerabilities
Moodle Improper Input Validation Vulnerability (CVE-2011-4294)
Internet Information Services Improper Input Validation Vulnerability (CVE-2000-0258)
WordPress Plugin Events Manager CSV Injection (5.9.7.1)
Drupal Improper Input Validation Vulnerability (CVE-2012-1589)
Ruby Improper Input Validation Vulnerability (CVE-2015-7551)