Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Windows >> Sun JRE Java Plug-in JavaScript Security Restriction Bypass (2)


Vulnerability Assessment Details

Sun JRE Java Plug-in JavaScript Security Restriction Bypass (2)

Vulnerability Assessment Summary
Acertains the version of Java JRE plugin

Detailed Explanation for this Vulnerability Assessment

The remote host is using a vulnerable version of Sun Java Runtime
Plug-in, an addon to many web browser like Internet Explorer to
display java applets.

It has been reported that the Java JRE Plug-in Security can be bypassed.
As a result, a possible hacker may be able to exploit it by creating a malicious
Java applet to compromise the computer.

Additionally, a denial of service vulnerability is present in the remote
version of the JVM. A possible hacker could exploit it by creating an applet
which misuses the serialization API.

Solution : Upgrade to JRE 1.4.2_08 or 1.5.0 update 2
See also : http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
Network Security Threat Level: High

Networks Security ID: 13958, 13945

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors

Cisco WS-3750G-24TS-S1U V03
$175.0
Cisco WS-3750G-24TS-S1U V03 pictureIBM Rackswitch G8052 7309-G52 managed - rack-mountable
$999.0
IBM Rackswitch G8052 7309-G52 managed - rack-mountable picture8 Port PoE Gigabit 10/100/1000 Ethernet Desktop/Rackmount Switch Hub
$157.38
8 Port PoE Gigabit 10/100/1000 Ethernet  Desktop/Rackmount Switch Hub pictureLINKSYS 10/100 16 PORT WORKGROUP SWITCH EZXS16W
$12.95
LINKSYS 10/100 16 PORT WORKGROUP SWITCH EZXS16W picture


Discussions

No Discussions have been posted on this vulnerability.