http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

http://fishbowl.pastiche.org/2015/11/09/java_serialization_bug/

http://www.infoq.com/news/2015/11/commons-exploit

http://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles

https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli

https://issues.apache.org/jira/browse/COLLECTIONS-580

http://www.securityweek.com/remote-code-execution-flaw-found-java-app-servers

http://www.zdnet.com/article/java-unserialize-remote-code-execution-hole-hits-commons-collections-jboss-websphere-weblogic/ https://randomgooby.wordpress.com/2015/11/07/apache-commons-collections-vulnerability-try-it-at-home/

http://news.softpedia.com/news/the-vulnerability-that-will-rock-the-entire-java-world-495840.shtml

https://github.com/foxglovesec/JavaUnserializeExploits

https://news.ycombinator.com/item?id=10528483

http://www.ibm.com/developerworks/library/se-lookahead/

http://www.techtimes.com/articles/104270/20151109/this-java-vulnerability-does-not-come-with-a-fancy-name-but-heres-why-programmers-should-worry.htm

http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/src/java/org/apache/commons/collections/functors/InvokerTransformer.java?r1=1713136&r2=1713307&pathrev=1713307&diff_format=h

https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli