Oracle Java SE Multiple Unspecified Security Bypass Vulnerabilities
BID:52877
Info
Oracle Java SE Multiple Unspecified Security Bypass Vulnerabilities
| Bugtraq ID: | 52877 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2012 12:00AM |
| Updated: | Apr 04 2012 12:00AM |
| Credit: | Security Explorations |
| Vulnerable: |
Sun JRE (Windows Production Release) 1.7.0_2 Sun JRE (Windows Production Release) 1.7 Sun JRE (Solaris Production Release) 1.7.0_2 Sun JRE (Solaris Production Release) 1.7 Sun JRE (Linux Production Release) 1.7.0_2 Sun JRE (Linux Production Release) 1.7 Sun JDK (Windows Production Release) 1.7 Sun JDK (Windows Production Release) 1.7.0_2 Sun JDK (Solaris Production Release) 1.7 Sun JDK (Solaris Production Release) 1.7.0_2 Sun JDK (Linux Production Release) 1.7 Sun JDK (Linux Production Release) 1.7.0_2 |
| Not Vulnerable: | |
Discussion
Oracle Java SE Multiple Unspecified Security Bypass Vulnerabilities
Oracle Java SE is prone to multiple unspecified security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions of the Java sandbox, which may aid in further attacks.
Successfully exploiting certain issues may allow attackers to bypass sandbox security feature of Java. This allows attackers to perform restricted actions on the affected system with the privileges of the vulnerable application.
Oracle Java SE is prone to multiple unspecified security-bypass vulnerabilities.
An attacker can exploit these issues to bypass certain security restrictions of the Java sandbox, which may aid in further attacks.
Successfully exploiting certain issues may allow attackers to bypass sandbox security feature of Java. This allows attackers to perform restricted actions on the affected system with the privileges of the vulnerable application.
Exploit / POC
Oracle Java SE Multiple Unspecified Security Bypass Vulnerabilities
The researcher responsible for discovering these issues has developed exploit code to trigger the vulnerabilities. This exploit code is not known to be publicly available.
The researcher responsible for discovering these issues has developed exploit code to trigger the vulnerabilities. This exploit code is not known to be publicly available.
Solution / Fix
Oracle Java SE Multiple Unspecified Security Bypass Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Oracle Java SE Multiple Unspecified Security Bypass Vulnerabilities
References:
References:
- [SE-2012-01] Security vulnerabilities in Java SE (Security Explorations)
- Sun Java Homepage (Sun Microsystems)