Signature Detail
Short Name |
HTTP:STC:JAVA:GSUB-BOF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow |
Release Date |
2014/02/24 |
Update Number |
2348 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Oracle Java. The vulnerability is due to invalid processing of the ReqFeatureIndex entry in the GSUB table. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.
Extended Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected Products
- oracle jdk 1.5.0 (update_55)
- oracle jdk 1.6.0 (update_65)
- oracle jdk 1.7.0 (update_45)
- oracle jre 1.5.0 (update_55)
- oracle jre 1.6.0 (update_65)
- oracle jre 1.7.0 (update_45)
- oracle jrockit r27.7.7
- oracle jrockit r28.2.9
References
- BugTraq: 64894
- CVE: CVE-2013-5907