SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Sun
Java Runtime Environment (JRE) Lets Remote Applets Bypass Secure Static Versioning Restrictions
SecurityTracker Alert ID:  1020460
SecurityTracker URL:  http://securitytracker.com/id/1020460
CVE Reference:   CVE-2008-3115   (Links to External Site)
Updated:  Jul 10 2008
Original Entry Date:  Jul 10 2008
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): JDK and JRE 5.0 Update 6 through 15, JDK and JRE 6 Update 6 and prior updates
Description:   A vulnerability was reported in Java Runtime Environment (JRE). A user can run applets on an older version of JRE.

A local user can install an older version of JRE (prior to JRE 5.0 Update 6) to enable applets to run on that older release, bypassing the Secure Static Versioning restrictions of JRE 5.0 Update 6 and later.

Only Windows Vista is affected.

John Heasman of NGSSoftware reported this vulnerability.

Impact:   A user can run applets on an older version of JRE.
Solution:   Sun has issued the following fix for Windows Vista:

* JDK and JRE 6 Update 7 or later
* JDK and JRE 5.0 Update 16 or later

JDK and JRE 6 Update 7 is available for download at the following links:

http://java.sun.com/javase/downloads/index.jsp

http://java.com/

JRE 6 updates are available through the Java Update tool for Microsoft Windows users.

JDK and JRE 5.0 Update 16 is available for download at the following link:

http://java.sun.com/javase/downloads/index_jdk5.jsp

Note: It is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:

http://java.com/en/download/help/uninstall_java.xml

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Vista)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC