Signature Detail
Short Name |
HTTP:STC:JAVA:JAX-WS-RCE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java Applet JAX-WS Class Handling Arbitrary Code Execution |
Release Date |
2013/01/14 |
Update Number |
2224 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Java Applet JAX-WS Class Handling Arbitrary Code Execution
This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful attack can lead to arbitrary code execution.
Extended Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Affected Products
- oracle jdk up to 1.7.0 (update1)
- oracle jdk up to 1.7.0 (update2)
- oracle jdk up to 1.7.0 (update3)
- oracle jdk up to 1.7.0 (update4)
- oracle jdk up to 1.7.0 (update5)
- oracle jdk up to 1.7.0 (update6)
- oracle jdk up to 1.7.0 (update7)
- oracle jre up to 1.7.0 (update1)
- oracle jre up to 1.7.0 (update2)
- oracle jre up to 1.7.0 (update3)
- oracle jre up to 1.7.0 (update4)
- oracle jre up to 1.7.0 (update5)
- oracle jre up to 1.7.0 (update6)
- oracle jre up to 1.7.0 (update7)
References
- BugTraq: 56054
- CVE: CVE-2012-5076