Multiple Vendors HTTP Redirect Java Applet Vulnerability
BID:1337
Info
Multiple Vendors HTTP Redirect Java Applet Vulnerability
| Bugtraq ID: | 1337 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 10 2000 12:00AM |
| Updated: | Jun 10 2000 12:00AM |
| Credit: | Original bug posted to Bugtraq by Ben Mesander <[email protected]> on April 16, 2000. Additional information provided by Hiromitsu Takagi <[email protected]> on June 10, 2000. |
| Vulnerable: |
Microsoft Internet Explorer Macintosh Edition 4.0.1 Microsoft Internet Explorer Macintosh Edition 4.0 Microsoft Internet Explorer Macintosh Edition 3.0 Apple Applet Runner Alexander Clauss & iCab Company iCab 2.0 pre |
| Not Vulnerable: | |
Discussion
Multiple Vendors HTTP Redirect Java Applet Vulnerability
A malicious web site operator could set up an applet on a web page which would process http redirect requests to an external location and send back sensitive data to the originating server, regardless of file format. This is due to the fact that the applet security model in the implementation of Mac OS Runtime Java (MRJ) is ignored in this case.
This vulnerability depends on the combination of MRJ and browser version the system is running. To check whether or not your machine is vulnerable, make note of what version of browser and MRJ you are running and visit the following URL:
http://java-house.etl.go.jp/ml/archive/j-h-b/033471.html
A malicious web site operator could set up an applet on a web page which would process http redirect requests to an external location and send back sensitive data to the originating server, regardless of file format. This is due to the fact that the applet security model in the implementation of Mac OS Runtime Java (MRJ) is ignored in this case.
This vulnerability depends on the combination of MRJ and browser version the system is running. To check whether or not your machine is vulnerable, make note of what version of browser and MRJ you are running and visit the following URL:
http://java-house.etl.go.jp/ml/archive/j-h-b/033471.html
Exploit / POC
Multiple Vendors HTTP Redirect Java Applet Vulnerability
Hiromitsu Takagi <[email protected]> has set up the following web page which demonstrates this vulnerability:
http://java-house.etl.go.jp/~takagi/java/test/urlconnection-http-redirect/Test.html
Hiromitsu Takagi <[email protected]> has set up the following web page which demonstrates this vulnerability:
http://java-house.etl.go.jp/~takagi/java/test/urlconnection-http-redirect/Test.html
Solution / Fix
Multiple Vendors HTTP Redirect Java Applet Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Multiple Vendors HTTP Redirect Java Applet Vulnerability
References:
References:
- HTTP Redirect Bug Test (Hiromitsu Takagi)
- Warning: Security Holes Found in URLConnection of MRJ and IE of Mac OS (Hiromitsu Takagi)