HTTP: Java Runtime Environment Web Start JNLP File Stack Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Oracle Java. A successful exploit can lead to a buffer overflow and arbitrary code execution.

Extended Description

Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects these versions:

Java Runtime Environment 6 update 1

Java Runtime Environment 5 update 11

Prior versions are also affected.

Affected Products

Sun jre_(linux_production_release)

References

BugTraq: 24832

CVE: CVE-2007-3655

Short Name
HTTP:STC:JAVA:JNLP-OF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2007-3655 Environment File JNLP Java Overflow Runtime Stack Start Web bid:24832
Release Date
02/02/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Red_hat

Sun

Suse

Apple

Gentoo

CVSS Score

6.8
