Short Name |
APP:ORACLE:RHINOSCRIPT-BYPASS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle Java Applet Rhino Script Engine Policy Bypass |
Release Date |
2011/12/09 |
Update Number |
2045 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a policy bypass vulnerability in the Oracle Java Rhino Script engine. This issue can be used with a Java Applet to execute Java code outside of the sandbox. The vulnerability is caused by insufficient restrictions of certain instances of the error object. An attacker can exploit this vulnerability by enticing a user with sufficient privileges to open a webpage containing a Java Applet and Javascript code running the Rhino script engine. Successful exploitation can result in the execution of arbitrary Java code with full privileges of the currently logged in user.
Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27