Threat Encyclopedia

Oracle.Java.SE.ECDSA.signature.Security.Bypass

description-logoDescription

This indicates an attack attempt to exploit a Security Bypass vulnerability in Oracle Java SE.
Incorrect certificate signature checks in Java SE allows an attacker to impersonate as the real server in a SSL protected communication. An attacker could impersonate as a legitimate server with a specially crafted certificate. This can result in a MITM attack.

affected-products-logoAffected Products

Oracle Java SE 17.0.2 and 18
Oracle GraalVM Enterprise Edition 21.3.1 and 22.0.0.2

Impact logoImpact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2022.html

CVE References

CVE-2022-21449

Telemetry logoTelemetry