GIFAR.Image.CSRF
Description
This indicates an attempt to exploit a cross-site request forgery vulnerability in the Java VM.
The vulnerability arises when a malicious JAR file is combined with a GIF file. The browser may interpret the file as a GIF and trust its content, while the Java VM recognizes the JAR part and automatically runs it.
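A defensive check for the file property described above, as an added example that is not part of the original advisory or the vendor's signature: it flags bytes that begin with a GIF header and also end with a parsable ZIP (JAR) directory. The function names are hypothetical and the sample bytes are constructed for the demonstration.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory signature
EOCD_MIN = 22              # fixed-size part of the EOCD record
MAX_COMMENT = 0xFFFF       # largest possible trailing archive comment


def find_zip_eocd(data: bytes) -> int:
    """Return the offset of a plausible EOCD record near the end, or -1."""
    start = max(0, len(data) - EOCD_MIN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_MIN + comment_len <= len(data):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)
    return -1


def classify_image(data: bytes) -> dict:
    """Hypothetical helper: flag bytes that are both a GIF and a ZIP/JAR."""
    gif_header = data[:6] in GIF_MAGICS
    zip_trailer = find_zip_eocd(data) != -1
    entries = []
    if zip_trailer:
        try:
            # zipfile tolerates leading non-ZIP bytes, so an appended archive still parses
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                entries = zf.namelist()
        except zipfile.BadZipFile:
            pass  # signature matched, but the archive does not parse
    return {"gif_header": gif_header, "zip_trailer": zip_trailer,
            "entries": entries, "reject": gif_header and zip_trailer}


def constructed_samples():
    """Constructed test bytes: a 1x1 GIF stub, alone and with a ZIP appended."""
    gif = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0) + b";"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return gif, gif + buf.getvalue()


if __name__ == "__main__":
    for name, blob in zip(("plain", "combined"), constructed_samples()):
        print(name, classify_image(blob))
```

A site that accepts image files can run such a check and refuse anything with `reject` set, since a legitimate GIF has no reason to carry a ZIP directory.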
Affected Products
Social sites such as Facebook and Myspace are particularly at risk, as is any site that requires users to log in.
Impact
System Compromise: remote attackers can exploit Cross-site request forgery.
Recommended Actions
Do not install the Java VM.
Do not browse untrusted sites.
Refer to Sun's web site for the suggested workaround.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-02 | 16.972 |