OSVDB ID: 73078

Title: Oracle Java SE / JRE Java Web Start File Search Path Settings Files Loading Remote Code Execution

Info

Disclosure

Jun 09, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 08, 2011

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Oracle Corporation	Java JDK	6 Update 25
	Java JDK	5.0 Update 29
	Java JRE	6 Update 25
	Java SDK	1.4.2_31

References

OVAL ID: 14382 14604
CVE ID: 2011-0786 (see also: NVD)
Secunia Advisory ID: 44784 44930 45206 45302 45736 45803 47233 49035 49953 49966
Bugtraq ID: 48133
Related OSVDB ID: 73069 73070 73071 73072 73073 73074 73075 73076 73077 73079 73080 73081 73082 73083 73084 73085
Vendor Specific News/Changelog Entry: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02945548
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03358587
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03405642
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-08-689&viewMode=view
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_XRX11-003_V1.0.pdf
https://hermes.opensuse.org/messages/8754315
https://hermes.opensuse.org/messages/9605351
Other Advisory URL: http://jvn.jp/en/jp/JVN09206238/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000034.html
http://www.ibm.com/developerworks/java/jdk/alerts/
Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html
http://seclists.org/bugtraq/2012/Jan/187
News Article: http://nakedsecurity.sophos.com/2011/06/08/oracle-java-6-update-26-available-now
http://www.theregister.co.uk/2011/06/08/java_security_update/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/73078

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Oracle Corporation

Java JDK

Java JRE

Java SDK

References

Credit