Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:ORACLE:GENERIC-SIGNATUR-MC |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java Generic Signature Attribute Memory Corruption |
Release Date |
2014/08/06 |
Update Number |
2406 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Oracle Java Generic Signature Attribute Memory Corruption
This signature detects attempts to exploit a known vulnerability against Oracle Java. The vulnerability is due to a failure to validate the generic signature attribute while parsing class files. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.
Extended Description
Per: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
Affected Products
- Oracle jdk 1.5.0
- Oracle jdk 1.6.0
- Oracle jdk 1.7.0
- Oracle jdk 1.8.0
- Oracle jre 1.5.0
- Oracle jre 1.6.0
- Oracle jre 1.7.0
- Oracle jre 1.8.0
References
- BugTraq: 68562
- CVE: CVE-2014-4216