Short Name |
HTTP:ORACLE:XML-SIG-SPOOFING |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java SE XML Digital Signature Spoofing |
Release Date |
2013/09/05 |
Update Number |
2296 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects a known vulnerability in the Oracle Java SE. An attacker can exploit this vulnerability to modify the content of an XML file without invalidating the signature associated with the file.
Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html 'Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.'