Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:JAVA:JNLP-OF

Severity

 High

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Java Runtime Environment Web Start JNLP File Stack Buffer Overflow

Release Date

 2015/02/02

Update Number

 2463

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Java Runtime Environment Web Start JNLP File Stack Buffer Overflow


This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful exploit can lead to a buffer overflow and arbitrary code execution.

Extended Description

Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects these versions: Java Runtime Environment 6 update 1 Java Runtime Environment 5 update 11 Prior versions are also affected.

Affected Products

  • Apple Mac OS X 10.4.10
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X Server 10.4.10
  • Apple Mac OS X Server 10.4.11
  • Gentoo dev-java/ibm-jdk-bin 1.4.2.10
  • Gentoo dev-java/ibm-jdk-bin 1.5.0.6
  • Gentoo dev-java/ibm-jre-bin 1.4.2.10
  • Gentoo dev-java/ibm-jre-bin 1.5.0.6
  • Gentoo Linux
  • Red Hat Enterprise Linux Desktop Supplementary 5 Client
  • Red Hat Enterprise Linux Extras 4
  • Red Hat Enterprise Linux Supplementary 5 Server
  • Sun JRE (Linux Production Release) 1.5.0
  • Sun JRE (Linux Production Release) 1.5.0 01
  • Sun JRE (Linux Production Release) 1.5.0 02
  • Sun JRE (Linux Production Release) 1.5.0 03
  • Sun JRE (Linux Production Release) 1.5.0 04
  • Sun JRE (Linux Production Release) 1.5.0 05
  • Sun JRE (Linux Production Release) 1.5.0 06
  • Sun JRE (Linux Production Release) 1.5.0 07
  • Sun JRE (Linux Production Release) 1.5.0 08
  • Sun JRE (Linux Production Release) 1.5.0 09
  • Sun JRE (Linux Production Release) 1.5.0 10
  • Sun JRE (Linux Production Release) 1.6.0 01
  • SuSE Novell Linux POS 9
  • SuSE Open-Enterprise-Server
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise SDK 10.SP1
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux School Server for i386
  • SuSE SuSE Linux Standard Server 8.0.0
  • SuSE UnitedLinux 1.0.0

References

  • BugTraq: 24832
  • CVE: CVE-2007-3655

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out