(Oracle Issues Fix for BEA JRockit) Java Runtime Environment (JRE) Bugs Let Remote Users Connect to Local Host Ports
|
|
SecurityTracker Alert ID: 1020742 |
|
SecurityTracker URL: http://securitytracker.com/id/1020742
|
|
CVE Reference:
CVE-2008-3104
(Links to External Site)
|
Date: Aug 25 2008
|
Impact:
Host/resource access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): R27.6.0 and prior versions
|
Description:
A vulnerability was reported in Java Runtime Environment (JRE). A remote user can bypass same-origin policy restrictions. BEA JRockit is affected.
A remote user can create a specially crafted applet that, when loaded by the target user, will be able to bypass network access restrictions and connect to certain ports on the local host.
Gregory Fleischer reported this vulnerability.
|
Impact:
A remote user can connect to certain ports on the local host.
|
Solution:
Oracle has issued a fix for BEA JRockit, which is affected by this Java vulnerability.
The Oracle advisory is available at:
http://support.bea.com/application_content/product_portlets/securityadvisories/2795.html
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 25 Aug 2008 18:37:02 -0400
Subject: [none]
|
http://support.bea.com/application_content/product_portlets/securityadvisories/2795.html
CVE-2008-3104
|
|
