  • Java 1.7.0_21b11 Code Execution

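    Test method:

    The program (method) provided may be offensive in nature; it is for security research and teaching purposes only. Use at your own risk!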

    The new flaw was verified to affect all versions of Java SE
    7 (including the recently released 1.7.0_21-b11). It can be
    used to achieve a complete Java security sandbox bypass on
    a target system. Successful exploitation in a web browser
    scenario requires proper user interaction (a user needs to
    accept the risk of executing a potentially malicious Java
    application when a security warning window is displayed).

    What's interesting is that the new issue is present not only
    in JRE Plugin / JDK software, but also the recently announced
    Server JRE as well [1]. Those concerned about a feasibility
    of exploitation of Java flaws in a server environment should
    consult Guideline 3-8 of "Secure Coding Guidelines for a Java
    Programming Language" [2]. It lists the following software
    components and APIs as potentially prone to the execution of
    untrusted Java code:
    - Sun implementation of the XSLT interpreter,
    - Long Term Persistence of JavaBeans Components,
    - RMI and LDAP (RFC 2713),
    - Many SQL implementations.

    In Apr 2012 [3], we reported our first vulnerability report
    to Oracle corporation signaling multiple security problems in
    Java SE 7 and the Reflection API in particular. It's been a
    year since then and to our true surprise, we were still able
    to discover one of the simplest and most powerful instances
    of Java Reflection API based vulnerabilities. It looks Oracle
    was primarily focused on hunting down potentially dangerous
    Reflection API calls in the "allowed" classes space. If so,
    no surprise that Issue 61 was overlooked.

    Thank you.

    Best Regards
    Adam Gowdiak

    ---------------------------------------------
    Security Explorations
    http://www.security-explorations.com
    "We bring security research to the new level"
    ---------------------------------------------

    References:
    [1] Server JRE (Java SE Runtime Environment) 7 Downloads
        http://www.oracle.com/technetwork/java/javase/downloads/server-jre7-downloads-1931105.html
    [2] Secure Coding Guidelines for the Java Programming Language, Version 4.0
        http://www.oracle.com/technetwork/java/seccodeguide-139067.html
    [3] SE-2012-01 Vendors status
        http://www.security-explorations.com/en/SE-2012-01-status.html
  • Original article: https://www.cnblogs.com/security4399/p/3043662.html