140 matches found
java 7.x -- security manager bypass
US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...
[Cookie Cadger] v.0.9
An auditing tool for Wi-Fi or wired Ethernet connections. Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests. Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which i...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)
Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089) The...
RHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...
RHEL 6 : java-1.7.0-ibm (RHSA-2012:1289)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1289 advisory. - OpenJDK: AWT hardening fixes (AWT, 7163201) (CVE-2012-0547) - Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 Deployment...
Latest IE Zero-Day Flaw Tied to Nitro Hackers and Recent Java Zero-Day Exploits
Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who...
Critical: Red Hat Security Advisory: java-1.7.0-oracle security update
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...
RHEL 6 : java-1.7.0-oracle (RHSA-2012:1225)
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...
Oracle releases patches for Java vulnerability CVE-2012-4681
Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers. "Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible," Eric Maurice, the company's director of...
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream
More security researchers are recommending users disable the current version of Java after zero-day exploits gained traction in the Web world. Patrick Runald, director of security research for Websense, told PC World today that his team had uncovered more than 100 infected domains – a figure...
FreeBSD Ports: openjdk
The remote host is missing an update to the system as announced in the referenced advisory. VID 16846d1e-f1de-11e1-8bd8-0022156e8794. OpenVAS Vulnerability Test. Description: Auto generated from VID 16846d1e-f1de-11e1-8bd8-0022156e8794. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
National Cyber Awareness System. US-CERT Alert TA12-240A: Oracle Java 7 Security Manager Bypass Vulnerability. Original release date: August 27, 2012. Last revised: --. Systems Affected: Any system using Oracle Java 7 (1.7, 1.7.0) including: Java Platform...
Java 7 Applet Remote Code Execution
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an...
New Java Zero Day Being Used in Targeted Attacks
There is a newly discovered zero day vulnerability in Java 7 that is being used in some targeted attacks right now. The vulnerability works against Internet Explorer and Firefox and researchers say that attackers are exploiting in the wild and installing a version of the Poison Ivy RAT on...
Java 7 Applet Remote Code Execution
The exploit takes advantage of two issues in JDK 7: The ClassFinder and MethodFinder.findMethod. Both were newly introduced in JDK 7. ClassFinder is a replacement for classForName back in JDK 6. It allows untrusted code to obtain a reference and have access to a restricted package in JDK 7, which...
Java 7 Applet - Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...
Java 7 Applet Remote Code Execution
Exploit for java platform in category remote exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
java security update
CentOS Errata and Security Advisory CESA-2012:1009. Updated java-1.7.0-openjdk packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
RHEL 6 : java-1.7.0-oracle (RHSA-2012:1019)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1019 advisory. The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes...
Critical: Red Hat Security Advisory: java-1.7.0-oracle security update
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...