http://fishbowl.pastiche.org/2015/11/09/java_serialization_bug/
http://www.infoq.com/news/2015/11/commons-exploit
http://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
https://issues.apache.org/jira/browse/COLLECTIONS-580
http://www.securityweek.com/remote-code-execution-flaw-found-java-app-servers
http://www.zdnet.com/article/java-unserialize-remote-code-execution-hole-hits-commons-collections-jboss-websphere-weblogic/ https://randomgooby.wordpress.com/2015/11/07/apache-commons-collections-vulnerability-try-it-at-home/
http://news.softpedia.com/news/the-vulnerability-that-will-rock-the-entire-java-world-495840.shtml
https://github.com/foxglovesec/JavaUnserializeExploits
https://news.ycombinator.com/item?id=10528483
http://www.ibm.com/developerworks/library/se-lookahead/
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli