Oracle.Java.SE.ECDSA.signature.Security.Bypass
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in Oracle Java SE.
Incorrect certificate signature checks in Java SE allows an attacker to impersonate as the real server in a SSL protected communication. An attacker could impersonate as a legitimate server with a specially crafted certificate. This can result in a MITM attack.
Affected Products
Oracle Java SE 17.0.2 and 18
Oracle GraalVM Enterprise Edition 21.3.1 and 22.0.0.2
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2022.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |