Since a number of application servers transparently support deserialization of objects from data streams or through cookie values, it is trivial to pass exploit code through an HTTP request to a server which may be behind a firewall or scanners.
This feels really grim.... 囧
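
A defensive check for the vector quoted above, added here as an example and not part of the original post: it flags cookies or request bodies that carry a serialized object stream. It assumes Java native serialization; the function names and the sample request are constructed for illustration.

```python
import base64
from urllib.parse import unquote_to_bytes

# Java serialization streams begin with STREAM_MAGIC (0xACED) + STREAM_VERSION (0x0005).
# Assumption: the application servers in question use Java native serialization.
JAVA_MAGIC = b"\xac\xed\x00\x05"

def candidate_decodings(value: bytes):
    """Yield (encoding, bytes) interpretations of one cookie or body value."""
    raw = unquote_to_bytes(value)              # undo %xx URL-encoding
    yield "raw", raw
    text = raw.strip()
    try:
        # Accept standard or URL-safe base64, with or without padding.
        b64 = text.replace(b"-", b"+").replace(b"_", b"/")
        yield "base64", base64.b64decode(b64 + b"=" * (-len(b64) % 4), validate=True)
    except ValueError:                         # binascii.Error is a ValueError
        pass
    try:
        yield "hex", bytes.fromhex(text.decode("ascii"))
    except ValueError:                         # also covers UnicodeDecodeError
        pass

def find_serialized_objects(cookie_header: str, body: bytes = b""):
    """Return [(location, encoding)] for every field that starts a Java object stream."""
    fields = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            fields.append(("cookie:" + name, value.encode("utf-8")))
    if body:
        fields.append(("body", body))
    hits = []
    for location, value in fields:
        for encoding, data in candidate_decodings(value):
            if data.startswith(JAVA_MAGIC):
                hits.append((location, encoding))
                break                          # one hit per field is enough
    return hits

if __name__ == "__main__":
    # Constructed sample request: a stream header only, no object graph behind it.
    blob = base64.b64encode(JAVA_MAGIC + b"sr\x00\x04Test").decode()
    print(find_serialized_objects("JSESSIONID=abc123; state=" + blob))
```

A hit means the endpoint is being handed a serialized object, so the request is worth logging and the endpoint worth reviewing for whether it deserializes untrusted input at all.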