Release Date: Jan 19, 2012
Severity: high
Impact: System Compromise: Remote attackers can gain control of vulnerable systems.
Description: This is an attack attempt against a Software Update Spoofing vulnerability in Oracle Java. The vulnerability is caused because the "Java Update" mechanism of the vulnerable application insecurely validates new updates. A man-in-the-middle attacker may offer software that appears to originate from Oracle.
Affected Products: Oracle Java Runtime Environment (JRE) 6 update 29 and prior
Recommended Actions: Do not use the "Java Update" utility. Currently we are not aware of any vendor supplied patches.
Coverage: IPS, VCM
Reference/s: https://portal.telussecuritylabs.com/threat/TSL20111212-06