Oracle Java SE Hotspot JSR 292 Method Handles RCE

The version of Oracle Java SE or Java for Business installed on the remote host is affected by an arbitrary code execution vulnerability in the Hotspot subcomponent due to an unsafe implementation of the Reflection API, which improperly processes JSR 292 method handles due to a lack of enforcemen...

jre7-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

jre7-openjdk-headless: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

jdk7-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

jdk8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

jre8-openjdk-headless: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

jre8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

Emergency Java Patch Re-Issued for 2013 Vulnerability

Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it...

Broken 2013 Java Patch Leads to Sandbox Bypass

Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish...

[SE-2014-02] Google App Engine Java security sandbox bypasses (details)

Hello All, Details of our SE-2014-02 project have been released to the public. A technical writeup and accompanying Proof of Concept codes can be found at the following location: http://www.security-explorations.com/en/SE-2014-02-details.html In case of Google App Engine for Java, its first layer...

Researchers Divulge 30 Oracle Java Cloud Service Bugs

Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed more than two dozen outstanding issues with the company’s Java Cloud Service platform. Researchers at Security Explorations published two reports, complete with proof of concept codes, explaining 30 different...

Design/Logic Flaw

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

CVE-2012-6636

CVE-2012-6636 corresponds to an Android WebView issue where WebView.addJavascriptInterface is not properly restricted, allowing crafted JavaScript to invoke Java object methods via Reflection and potentially achieve remote code execution on apps targeting API level 16 or earlier. Connected docs s...

Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package and in the invokeWithArguments method of the java.lang.invoke.MethodHandle class. A remote attacker could trigger this vulnerability by usi...

Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package and in the invokeWithArguments method of the java.lang.invoke.MethodHandle class. A remote attacker could trigger this vulnerability by usi...

October 2013 Oracle Java Critical Patch Update

On Tuesday, for the first time, Java security updates were included with the quarterly Oracle Critical Patch Update – and just as quickly, Java wasted no time elevating itself as the top concern for Oracle admins and security experts. Of the 51 Java patches released, 50 allow for remote code...

Java Reflection API Vulnerability Exploited

No Java component has had a bigger bull’s eye on its back this year than the Java Reflection API. Bug hunters and hackers alike have found a number of zero-days related to the Reflection API, most of which enable the remote execution of code outside the Java sandbox that’s supposed to prevent suc...

Oracle's Java Security Plans Don't Address Sandbox Flaws

For all of Oracle’s bluster last Thursday about Java security enhancements, next to nothing was said about the real issue behind months of misery this year: the Java sandbox. Oracle broke its radio silence late last week with an out-of-the-blue blogpost full of promises about getting Java right...

[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java

Hello All, Security Explorations discovered 7 additional security issues 62-68 in the latest version of IBM SDK, Java Technology Edition software 1. A majority of the new flaws are due to insecure use or implementation of Java Reflection API. Additionally to the above, we found out that four issu...

[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE

Hello All, Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software. The new flaw was verified to affect all versions of Java SE 7 including the recently released 1.7.021-b11. It can b...