Oracle JVM gopher protocol - SSRF

Application: Oracle JVM Versions Affected: Oracle JVM Vendor URL: http://www.oracle.com Bugs: Security Bypass, SSRF Exploits: YES Reported: 16.07.2012 Vendor response: 18.07.2012 Date of Public Advisory: 23.10.2012 Reference: Oracle CPU October 2012 Authors: Alexander Polyakov ERPScan Description...

[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original report is 1. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale or javax.servlet.ServletRequest.getLocales. Work-arounds have been implemented in the...