Signature Detail
Short Name |
HTTP:STC:JAVA:SQL-DRIVERMANAGER |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java java.sql.DriverManager Sandbox Bypass |
Release Date |
2013/05/29 |
Update Number |
2268 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Java java.sql.DriverManager Sandbox Bypass
This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful attack can lead to arbitrary code execution.
Extended Description
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
Affected Products
- oracle jdk 1.7.0 (update17)
- oracle jre 1.7.0 (update17)
References
- CVE: CVE-2013-1488