HTTP: Sun Java Runtime Environment Image Parsing Library Heap Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Sun Java Runtime Environment. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Extended Description
Sun Java Runtime Environment is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application. This issue affects the following products and versions: JDK and JRE 6 prior to Update 5 JDK and JRE 5.0 prior to Update 15 SDK and JRE prior to 1.4.2_17 SDK and JRE prior to 1.3.1_22 This vulnerability was previously covered in BID 28083 (Sun Java SE Multiple Security Vulnerabilities), but has been given its own record to better document the issue.
Affected Products
Sun jre_(solaris_reference_release)
Short Name
HTTP:STC:JAVA:JRE-IMG-PARS-DOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2008-1193 Environment Heap Image Java Library Overflow Parsing Runtime Sun bid:28125
Release Date
12/17/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Suse
Apple
Gentoo
Sun
Bea_systems
Vmware
CVSS Score
9.3