Signature Detail

Short Name: APP:ORACLE:RHINOSCRIPT-BYPASS
Severity: Major
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: Oracle Java Applet Rhino Script Engine Policy Bypass
Release Date: 2011/12/09
Update Number: 2045
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Oracle Java Applet Rhino Script Engine Policy Bypass


This signature detects attempts to exploit a policy bypass vulnerability in the Oracle Java Rhino Script engine. The issue can be used with a Java Applet to execute Java code outside of the sandbox. The vulnerability is caused by insufficient restrictions on certain instances of the error object. An attacker can exploit this vulnerability by enticing a user with sufficient privileges to open a webpage containing a Java Applet and JavaScript code running the Rhino script engine. Successful exploitation can result in the execution of arbitrary Java code with the full privileges of the currently logged-in user.

Extended Description

Oracle Java SE is prone to a remote code-execution vulnerability in the Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component. The vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27.

Affected Products

  • Apple mac_os_x 10.6
  • Apple mac_os_x 10.6.1
  • Apple mac_os_x 10.6.2
  • Apple mac_os_x 10.6.3
  • Apple mac_os_x 10.6.4
  • Apple mac_os_x 10.6.5
  • Apple mac_os_x 10.6.6
  • Apple mac_os_x 10.6.7
  • Apple mac_os_x 10.6.8
  • Apple mac_os_x 10.7
  • Apple mac_os_x 10.7.1
  • Apple mac_os_x 10.7.2
  • Apple mac_os_x_server 10.6
  • Apple mac_os_x_server 10.6.1
  • Apple mac_os_x_server 10.6.2
  • Apple mac_os_x_server 10.6.3
  • Apple mac_os_x_server 10.6.4
  • Apple mac_os_x_server 10.6.5
  • Apple mac_os_x_server 10.6.6
  • Apple mac_os_x_server 10.6.7
  • Apple mac_os_x_server 10.6.8
  • Apple mac_os_x_server 10.7
  • Apple mac_os_x_server 10.7.1
  • Apple mac_os_x_server 10.7.2
  • Avaya aura_application_enablement_services 5.2
  • Avaya aura_application_enablement_services 5.2.1
  • Avaya aura_application_enablement_services 5.2.2
  • Avaya aura_application_enablement_services 5.2.3
  • Avaya aura_application_enablement_services 6.1
  • Avaya aura_application_enablement_services 6.1.1
  • Avaya aura_application_server_5300_sip_core 2.0
  • Avaya aura_communication_manager 4.0
  • Avaya aura_communication_manager 5.1
  • Avaya aura_communication_manager 5.2
  • Avaya aura_communication_manager 5.2.1
  • Avaya aura_communication_manager_utility_services 6.0
  • Avaya aura_communication_manager_utility_services 6.1
  • Avaya aura_conferencing 6.0.0 Standard
  • Avaya aura_conferencing 6.0 Standard
  • Avaya aura_experience_portal 6.0
  • Avaya aura_messaging 6.0
  • Avaya aura_messaging 6.0.1
  • Avaya aura_presence_services 6.0
  • Avaya aura_presence_services 6.1
  • Avaya aura_presence_services 6.1.1
  • Avaya aura_session_manager 1.1
  • Avaya aura_session_manager 5.2
  • Avaya aura_session_manager 6.0
  • Avaya aura_session_manager 6.0 SP1
  • Avaya aura_session_manager 6.1
  • Avaya aura_session_manager 6.1.1
  • Avaya aura_session_manager 6.1.2
  • Avaya aura_session_manager 6.1.3
  • Avaya aura_session_manager 6.1 Sp1
  • Avaya aura_session_manager 6.1 SP2
  • Avaya aura_sip_enablement_services 4.0
  • Avaya aura_sip_enablement_services 5.0
  • Avaya aura_sip_enablement_services 5.1
  • Avaya aura_sip_enablement_services 5.2
  • Avaya aura_sip_enablement_services 5.2.1
  • Avaya aura_system_manager 6.1
  • Avaya aura_system_manager 6.1.1
  • Avaya aura_system_manager 6.1.2
  • Avaya aura_system_manager 6.1.3
  • Avaya aura_system_manager 6.1 Sp1
  • Avaya aura_system_manager 6.1 SP2
  • Avaya aura_system_platform 1.1
  • Avaya aura_system_platform 6.0
  • Avaya aura_system_platform 6.0.1
  • Avaya aura_system_platform 6.0.2
  • Avaya aura_system_platform 6.0 SP2
  • Avaya aura_system_platform 6.0 SP3
  • Avaya cms_server 15.0
  • Avaya cms_server 15.0 AUX
  • Avaya cms_server 16.0
  • Avaya cms_server 16.1
  • Avaya cms_server 16.2
  • Avaya interactive_response 4.0
  • Avaya ip_office_application_server 6.0
  • Avaya ip_office_application_server 6.1
  • Avaya ip_office_application_server 7.0
  • Avaya iq 5
  • Avaya iq 5.1
  • Avaya iq 5.1.1
  • Avaya iq 5.2
  • Avaya ir 4.0
  • Avaya meeting_exchange 5.0
  • Avaya meeting_exchange 5.0.0.0.52
  • Avaya meeting_exchange 5.0 SP1
  • Avaya meeting_exchange 5.0 SP2
  • Avaya meeting_exchange 5.1
  • Avaya meeting_exchange 5.1 SP1
  • Avaya meeting_exchange 5.2
  • Avaya meeting_exchange 5.2 SP1
  • Avaya meeting_exchange 5.2 SP2
  • Avaya message_networking 5.2
  • Avaya message_networking 5.2.1
  • Avaya message_networking 5.2.2
  • Avaya message_networking 5.2.3
  • Avaya message_networking 5.2.4
  • Avaya message_networking 5.2 SP1
  • Avaya messaging_application_server 5.2
  • Avaya messaging_storage_server 5.2
  • Avaya messaging_storage_server 5.2.2
  • Avaya messaging_storage_server 5.2.8
  • Avaya messaging_storage_server 5.2 SP1
  • Avaya messaging_storage_server 5.2 SP2
  • Avaya messaging_storage_server 5.2 SP3
  • Avaya proactive_contact 4.0
  • Avaya proactive_contact 4.0.1
  • Avaya proactive_contact 4.1
  • Avaya proactive_contact 4.1.1
  • Avaya proactive_contact 4.1.2
  • Avaya proactive_contact 4.2
  • Avaya proactive_contact 4.2.1
  • Avaya proactive_contact 4.2.2
  • Avaya proactive_contact 5.0
  • Avaya voice_portal 4.0
  • Avaya voice_portal 4.1
  • Avaya voice_portal 4.1 SP1
  • Avaya voice_portal 4.1 SP2
  • Avaya voice_portal 5.0
  • Avaya voice_portal 5.0 SP1
  • Avaya voice_portal 5.0 SP2
  • Avaya voice_portal 5.1
  • Avaya voice_portal 5.1.1
  • Avaya voice_portal 5.1.2
  • Avaya voice_portal 5.1 SP1
  • Debian linux 6.0 amd64
  • Debian linux 6.0 arm
  • Debian linux 6.0 ia-32
  • Debian linux 6.0 ia-64
  • Debian linux 6.0 mips
  • Debian linux 6.0 powerpc
  • Debian linux 6.0 s/390
  • Debian linux 6.0 sparc
  • Gentoo linux
  • Hp hp-ux B.11.11
  • Hp hp-ux B.11.23
  • Hp hp-ux B.11.31
  • Hp network_node_manager_i 9.1
  • Ibm java_se 6
  • Ibm java_se 6.0
  • Ibm java_se 6.0.0 SR9
  • Ibm java_se 6.0.0 SR9-FP2
  • Ibm java_se 6.0 SR5
  • Ibm java_se 6.0 SR6
  • Ibm java_se 6.0 SR7
  • Ibm java_se 6 SR8 FP1
  • Ibm java_se 7
  • Ibm java_se 7.0
  • Mandriva enterprise_server 5
  • Mandriva enterprise_server 5 X86 64
  • Mandriva linux_mandrake 2010.1
  • Mandriva linux_mandrake 2010.1 X86 64
  • Mandriva linux_mandrake 2011
  • Mandriva linux_mandrake 2011 x86_64
  • Openjdk openjdk 1.6.0
  • Openjdk openjdk 6
  • Oracle enterprise_linux 5
  • Oracle enterprise_linux 6
  • Panda antivirus 1.6.0 Update 1
  • Panda antivirus 1.6.0 Update 10
  • Panda antivirus 1.6.0 Update 11
  • Panda antivirus 1.6.0 Update 12
  • Panda antivirus 1.6.0 Update 13
  • Panda antivirus 1.6.0 Update 14
  • Panda antivirus 1.6.0 Update 15
  • Panda antivirus 1.6.0 Update 16
  • Panda antivirus 1.6.0 Update 17
  • Panda antivirus 1.6.0 Update 18
  • Panda antivirus 1.6.0 Update 19
  • Panda antivirus 1.6.0 Update 2
  • Panda antivirus 1.6.0 Update 20
  • Panda antivirus 1.6.0 Update 21
  • Panda antivirus 1.6.0 Update 3
  • Panda antivirus 1.6.0 Update 4
  • Panda antivirus 1.6.0 Update 5
  • Panda antivirus 1.6.0 Update 6
  • Panda antivirus 1.6.0 Update 7
  • Red_hat desktop_extras 4
  • Red_hat enterprise_linux 5 Server
  • Red_hat enterprise_linux_as_extras 4
  • Red_hat enterprise_linux_desktop 5 Client
  • Red_hat enterprise_linux_desktop 6
  • Red_hat enterprise_linux_desktop_optional 6
  • Red_hat enterprise_linux_desktop_supplementary 5 Client
  • Red_hat enterprise_linux_desktop_supplementary 6
  • Red_hat enterprise_linux_es_extras 4
  • Red_hat enterprise_linux_extras 4
  • Red_hat enterprise_linux_hpc_node 6
  • Red_hat enterprise_linux_hpc_node_optional 6
  • Red_hat enterprise_linux_hpc_node_supplementary 6
  • Red_hat enterprise_linux_server 6
  • Red_hat enterprise_linux_server_optional 6
  • Red_hat enterprise_linux_server_supplementary 6
  • Red_hat enterprise_linux_supplementary 5 Server
  • Red_hat enterprise_linux_workstation 6
  • Red_hat enterprise_linux_workstation_optional 6
  • Red_hat enterprise_linux_workstation_supplementary 6
  • Red_hat enterprise_linux_ws_extras 4
  • Red_hat fedora 14
  • Red_hat fedora 15
  • Red_hat fedora 16
  • Sun jdk_(linux_production_release) 1.6.0
  • Sun jdk_(linux_production_release) 1.6.0 01
  • Sun jdk_(linux_production_release) 1.6.0 01-B06
  • Sun jdk_(linux_production_release) 1.6.0 02
  • Sun jdk_(linux_production_release) 1.6.0 03
  • Sun jdk_(linux_production_release) 1.6.0 04
  • Sun jdk_(linux_production_release) 1.6.0 05
  • Sun jdk_(linux_production_release) 1.6.0 06
  • Sun jdk_(linux_production_release) 1.6.0 07
  • Sun jdk_(linux_production_release) 1.6.0 10
  • Sun jdk_(linux_production_release) 1.6.0 11
  • Sun jdk_(linux_production_release) 1.6.0 13
  • Sun jdk_(linux_production_release) 1.6.0 14
  • Sun jdk_(linux_production_release) 1.6.0 15
  • Sun jdk_(linux_production_release) 1.6.0 17
  • Sun jdk_(linux_production_release) 1.6.0 18
  • Sun jdk_(linux_production_release) 1.6.0 19
  • Sun jdk_(linux_production_release) 1.6.0 20
  • Sun jdk_(linux_production_release) 1.6.0_21
  • Sun jdk_(linux_production_release) 1.6.0_22
  • Sun jdk_(linux_production_release) 1.6.0_23
  • Sun jdk_(linux_production_release) 1.6.0_24
  • Sun jdk_(linux_production_release) 1.6.0_25
  • Sun jdk_(linux_production_release) 1.6.0_26
  • Sun jdk_(linux_production_release) 1.6.0_27
  • Sun jdk_(linux_production_release) 1.6.0 Update 10
  • Sun jdk_(linux_production_release) 1.6.0 Update 11
  • Sun jdk_(linux_production_release) 1.6.0 Update 12
  • Sun jdk_(linux_production_release) 1.6.0 Update 13
  • Sun jdk_(linux_production_release) 1.6.0 Update 14
  • Sun jdk_(linux_production_release) 1.6.0 Update 15
  • Sun jdk_(linux_production_release) 1.6.0 Update 16
  • Sun jdk_(linux_production_release) 1.6.0 Update 17
  • Sun jdk_(linux_production_release) 1.6.0 Update 18
  • Sun jdk_(linux_production_release) 1.6.0 Update 19
  • Sun jdk_(linux_production_release) 1.6.0 Update 20
  • Sun jdk_(linux_production_release) 1.6.0 Update 21
  • Sun jdk_(linux_production_release) 1.6.0 Update 3
  • Sun jdk_(linux_production_release) 1.6.0 Update 4
  • Sun jdk_(linux_production_release) 1.6.0 Update 5
  • Sun jdk_(linux_production_release) 1.6.0 Update 6
  • Sun jdk_(linux_production_release) 1.6.0 Update 7
  • Sun jdk_(linux_production_release) 1.7.0
  • Sun jdk_(solaris_production_release) 1.6.0
  • Sun jdk_(solaris_production_release) 1.6.0 01
  • Sun jdk_(solaris_production_release) 1.6.0 01-B06
  • Sun jdk_(solaris_production_release) 1.6.0 02
  • Sun jdk_(solaris_production_release) 1.6.0 03
  • Sun jdk_(solaris_production_release) 1.6.0 04
  • Sun jdk_(solaris_production_release) 1.6.0 05
  • Sun jdk_(solaris_production_release) 1.6.0 06
  • Sun jdk_(solaris_production_release) 1.6.0 07
  • Sun jdk_(solaris_production_release) 1.6.0 10
  • Sun jdk_(solaris_production_release) 1.6.0 11
  • Sun jdk_(solaris_production_release) 1.6.0 13
  • Sun jdk_(solaris_production_release) 1.6.0 14
  • Sun jdk_(solaris_production_release) 1.6.0 15
  • Sun jdk_(solaris_production_release) 1.6.0 17
  • Sun jdk_(solaris_production_release) 1.6.0 18
  • Sun jdk_(solaris_production_release) 1.6.0 19
  • Sun jdk_(solaris_production_release) 1.6.0 20
  • Sun jdk_(solaris_production_release) 1.6.0_21
  • Sun jdk_(solaris_production_release) 1.6.0_22
  • Sun jdk_(solaris_production_release) 1.6.0_23
  • Sun jdk_(solaris_production_release) 1.6.0_24
  • Sun jdk_(solaris_production_release) 1.6.0_25
  • Sun jdk_(solaris_production_release) 1.6.0_26
  • Sun jdk_(solaris_production_release) 1.6.0_27
  • Sun jdk_(solaris_production_release) 1.7.0
  • Sun jdk_(windows_production_release) 1.6.0
  • Sun jdk_(windows_production_release) 1.6.0 01
  • Sun jdk_(windows_production_release) 1.6.0 01-B06
  • Sun jdk_(windows_production_release) 1.6.0 02
  • Sun jdk_(windows_production_release) 1.6.0 03
  • Sun jdk_(windows_production_release) 1.6.0 04
  • Sun jdk_(windows_production_release) 1.6.0 05
  • Sun jdk_(windows_production_release) 1.6.0 06
  • Sun jdk_(windows_production_release) 1.6.0 07
  • Sun jdk_(windows_production_release) 1.6.0 10
  • Sun jdk_(windows_production_release) 1.6.0 11
  • Sun jdk_(windows_production_release) 1.6.0 13
  • Sun jdk_(windows_production_release) 1.6.0 14
  • Sun jdk_(windows_production_release) 1.6.0 15
  • Sun jdk_(windows_production_release) 1.6.0 17
  • Sun jdk_(windows_production_release) 1.6.0 18
  • Sun jdk_(windows_production_release) 1.6.0 19
  • Sun jdk_(windows_production_release) 1.6.0 20
  • Sun jdk_(windows_production_release) 1.6.0_21
  • Sun jdk_(windows_production_release) 1.6.0_22
  • Sun jdk_(windows_production_release) 1.6.0_23
  • Sun jdk_(windows_production_release) 1.6.0_24
  • Sun jdk_(windows_production_release) 1.6.0_25
  • Sun jdk_(windows_production_release) 1.6.0_26
  • Sun jdk_(windows_production_release) 1.6.0_27
  • Sun jdk_(windows_production_release) 1.7.0
  • Sun jre_(linux_production_release) 1.6.0
  • Sun jre_(linux_production_release) 1.6.0 01
  • Sun jre_(linux_production_release) 1.6.0 02
  • Sun jre_(linux_production_release) 1.6.0 03
  • Sun jre_(linux_production_release) 1.6.0 04
  • Sun jre_(linux_production_release) 1.6.0 05
  • Sun jre_(linux_production_release) 1.6.0 06
  • Sun jre_(linux_production_release) 1.6.0 07
  • Sun jre_(linux_production_release) 1.6.0 10
  • Sun jre_(linux_production_release) 1.6.0 11
  • Sun jre_(linux_production_release) 1.6.0 12
  • Sun jre_(linux_production_release) 1.6.0 13
  • Sun jre_(linux_production_release) 1.6.0 14
  • Sun jre_(linux_production_release) 1.6.0 15
  • Sun jre_(linux_production_release) 1.6.0 17
  • Sun jre_(linux_production_release) 1.6.0 18
  • Sun jre_(linux_production_release) 1.6.0 19
  • Sun jre_(linux_production_release) 1.6.0 20
  • Sun jre_(linux_production_release) 1.6.0_21
  • Sun jre_(linux_production_release) 1.6.0_22
  • Sun jre_(linux_production_release) 1.6.0_23
  • Sun jre_(linux_production_release) 1.6.0_24
  • Sun jre_(linux_production_release) 1.6.0_25
  • Sun jre_(linux_production_release) 1.6.0_26
  • Sun jre_(linux_production_release) 1.6.0_27
  • Sun jre_(linux_production_release) 1.7
  • Sun jre_(solaris_production_release) 1.6.0
  • Sun jre_(solaris_production_release) 1.6.0 01
  • Sun jre_(solaris_production_release) 1.6.0 02
  • Sun jre_(solaris_production_release) 1.6.0 03
  • Sun jre_(solaris_production_release) 1.6.0 04
  • Sun jre_(solaris_production_release) 1.6.0 05
  • Sun jre_(solaris_production_release) 1.6.0 06
  • Sun jre_(solaris_production_release) 1.6.0 07
  • Sun jre_(solaris_production_release) 1.6.0 10
  • Sun jre_(solaris_production_release) 1.6.0 11
  • Sun jre_(solaris_production_release) 1.6.0 12
  • Sun jre_(solaris_production_release) 1.6.0 13
  • Sun jre_(solaris_production_release) 1.6.0 14
  • Sun jre_(solaris_production_release) 1.6.0 15
  • Sun jre_(solaris_production_release) 1.6.0 17
  • Sun jre_(solaris_production_release) 1.6.0 18
  • Sun jre_(solaris_production_release) 1.6.0 19
  • Sun jre_(solaris_production_release) 1.6.0 2
  • Sun jre_(solaris_production_release) 1.6.0_21
  • Sun jre_(solaris_production_release) 1.6.0_22
  • Sun jre_(solaris_production_release) 1.6.0_23
  • Sun jre_(solaris_production_release) 1.6.0_24
  • Sun jre_(solaris_production_release) 1.6.0_25
  • Sun jre_(solaris_production_release) 1.6.0_26
  • Sun jre_(solaris_production_release) 1.6.0_27
  • Sun jre_(solaris_production_release) 1.7
  • Sun jre_(windows_production_release) 1.6.0
  • Sun jre_(windows_production_release) 1.6.0 01
  • Sun jre_(windows_production_release) 1.6.0 02
  • Sun jre_(windows_production_release) 1.6.0 03
  • Sun jre_(windows_production_release) 1.6.0 04
  • Sun jre_(windows_production_release) 1.6.0 05
  • Sun jre_(windows_production_release) 1.6.0 06
  • Sun jre_(windows_production_release) 1.6.0 07
  • Sun jre_(windows_production_release) 1.6.0 10
  • Sun jre_(windows_production_release) 1.6.0 11
  • Sun jre_(windows_production_release) 1.6.0 12
  • Sun jre_(windows_production_release) 1.6.0 13
  • Sun jre_(windows_production_release) 1.6.0 14
  • Sun jre_(windows_production_release) 1.6.0 15
  • Sun jre_(windows_production_release) 1.6.0 17
  • Sun jre_(windows_production_release) 1.6.0 18
  • Sun jre_(windows_production_release) 1.6.0 19
  • Sun jre_(windows_production_release) 1.6.0 2
  • Sun jre_(windows_production_release) 1.6.0 20
  • Sun jre_(windows_production_release) 1.6.0_21
  • Sun jre_(windows_production_release) 1.6.0_22
  • Sun jre_(windows_production_release) 1.6.0_23
  • Sun jre_(windows_production_release) 1.6.0_24
  • Sun jre_(windows_production_release) 1.6.0_25
  • Sun jre_(windows_production_release) 1.6.0_26
  • Sun jre_(windows_production_release) 1.6.0_27
  • Sun jre_(windows_production_release) 1.7
  • Suse suse_linux_enterprise_java 10 SP4
  • Suse suse_linux_enterprise_java 11 SP1
  • Suse suse_linux_enterprise_sdk 11 SP1
  • Suse suse_linux_enterprise_server 10 SP4
  • Suse suse_linux_enterprise_server 11 SP1
  • Suse suse_linux_enterprise_server 11 SP1 for SP2
  • Suse suse_linux_enterprise_server_for_vmware 11 SP1
  • Suse suse_linux_enterprise_software_development_kit 11 SP1 for SP2
  • Ubuntu ubuntu_linux 10.04 Amd64
  • Ubuntu ubuntu_linux 10.04 ARM
  • Ubuntu ubuntu_linux 10.04 I386
  • Ubuntu ubuntu_linux 10.04 Powerpc
  • Ubuntu ubuntu_linux 10.04 Sparc
  • Ubuntu ubuntu_linux 10.10 amd64
  • Ubuntu ubuntu_linux 10.10 ARM
  • Ubuntu ubuntu_linux 10.10 i386
  • Ubuntu ubuntu_linux 10.10 powerpc
  • Ubuntu ubuntu_linux 11.04 amd64
  • Ubuntu ubuntu_linux 11.04 ARM
  • Ubuntu ubuntu_linux 11.04 i386
  • Ubuntu ubuntu_linux 11.04 powerpc
  • Ubuntu ubuntu_linux 11.10 amd64
  • Ubuntu ubuntu_linux 11.10 i386
  • Vmware esx 3.5
  • Vmware esx 4.0
  • Vmware esx 4.1
  • Vmware update_manager 5.0
  • Vmware vcenter 4.0
  • Vmware vcenter 4.1
  • Vmware vcenter 5.0
  • Vmware virtualcenter 2.5
  • Xerox freeflow_print_server_(ffps) 73.B3.61
  • Xerox freeflow_print_server_(ffps) 73.C0.41

References

  • BugTraq: 50218
  • CVE: CVE-2011-3544
