Short Name |
HTTP:ORACLE:GENERIC-SIGNATUR-MC |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java Generic Signature Attribute Memory Corruption |
Release Date |
2014/08/06 |
Update Number |
2406 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Oracle Java. The vulnerability is due to a failure to validate the generic signature attribute while parsing class files. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.
Per: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."