SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BEA JRockit Vendors:   Oracle
(Oracle Issues Fix for BEA JRockit) Java Runtime Environment (JRE) Bugs Let Remote Users Connect to Local Host Ports
SecurityTracker Alert ID:  1020742
SecurityTracker URL:  http://securitytracker.com/id/1020742
CVE Reference:   CVE-2008-3104   (Links to External Site)
Date:  Aug 25 2008
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): R27.6.0 and prior versions
Description:   A vulnerability was reported in Java Runtime Environment (JRE). A remote user can bypass same-origin policy restrictions. BEA JRockit is affected.

A remote user can create a specially crafted applet that, when loaded by the target user, will be able to bypass network access restrictions and connect to certain ports on the local host.

Gregory Fleischer reported this vulnerability.

Impact:   A remote user can connect to certain ports on the local host.
Solution:   Oracle has issued a fix for BEA JRockit, which is affected by this Java vulnerability.

The Oracle advisory is available at:

http://support.bea.com/application_content/product_portlets/securityadvisories/2795.html

Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 10 2008 Java Runtime Environment (JRE) Bugs Let Remote Users Connect to Local Host Ports



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC