Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:ORACLE:XML-SIG-SPOOFING |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java SE XML Digital Signature Spoofing |
Release Date |
2013/09/05 |
Update Number |
2296 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Oracle Java SE XML Digital Signature Spoofing
This signature detects a known vulnerability in the Oracle Java SE. An attacker can exploit this vulnerability to modify the content of an XML file without invalidating the signature associated with the file.
Extended Description
Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html 'Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.'
Affected Products
- Oracle jdk 1.6.0
- Oracle jre 1.7.0
- Oracle jrockit r27.7.1
- Oracle jrockit r27.7.2
- Oracle jrockit r27.7.3
- Oracle jrockit r27.7.4
- Oracle jrockit r27.7.5
- Oracle jrockit r28.0.0
- Oracle jrockit r28.0.1
- Oracle jrockit r28.0.2
- Oracle jrockit r28.1.0
- Oracle jrockit r28.1.1
- Oracle jrockit r28.1.3
- Oracle jrockit r28.1.4
- Oracle jrockit r28.1.5
- Oracle jrockit r28.2.0
- Oracle jrockit r28.2.2
- Oracle jrockit r28.2.3
- Oracle jrockit r28.2.4
- Oracle jrockit r28.2.5
- Oracle jrockit r28.2.6
- Oracle jrockit r28.2.7
- Oracle openjdk 1.7.0
- Sun jdk 1.6.0
References
- CVE: CVE-2013-2461