Oracle.Java.Software.Update.Weakness

Description

This indicates an attack attempt against a Software Update Spoofing vulnerability in Oracle Java.
The vulnerability exists because the "Java Update" mechanism of the vulnerable application does not securely validate new updates. A man-in-the-middle attacker may offer software that appears to originate from Oracle.

Affected Products

Oracle Java Runtime Environment (JRE) 6 update 29 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Do not use the "Java Update" utility.
Currently we are not aware of any vendor-supplied patches.

Coverage

IPS (Regular DB)
IPS (Extended DB)