Oracle.Java.Software.Update.Weakness
Description
This is an attack attempt against a Software Update Spoofing vulnerability in Oracle Java.
The vulnerability exists because the "Java Update" mechanism of the vulnerable application does not securely validate new updates. A man-in-the-middle attacker may exploit this to offer software that appears to originate from Oracle.
Affected Products
Oracle Java Runtime Environment (JRE) 6 update 29 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Do not use the "Java Update" utility.
Currently we are not aware of any vendor-supplied patches.
Coverage
IPS (Regular DB)
IPS (Extended DB)