Signature Detail
Short Name |
HTTP:STC:JAVA:METHODHANDLE |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java Private MethodHandle Sandbox Bypass |
Release Date |
2014/02/13 |
Update Number |
2345 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Java Private MethodHandle Sandbox Bypass
This signature detects attempts to exploit a known vulnerability against Oracle Java. The vulnerability is due to a failure to restrict access to private methods via reflection. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.
Extended Description
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected Products
- oracle jdk 1.7.0 (update_45)
- oracle jre 1.7.0 (update_45)
References
- CVE: CVE-2013-5893