The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 244989: The Java Runtime Environment (JRE) "Java Update" Mechanism Does Not Check the Digital Signature of the JRE that it Downloads

Guest Author
Product: Java Platform, Standard Edition (Java SE)

The Java Runtime Environment (JRE) "Java Update" mechanism does not check the digital signature of the JRE that it downloads. This may allow a malicious file to be downloaded and installed if the DNS information that the JRE uses when checking for updates is compromised.

Sun acknowledges, with thanks, Francisco Amato for bringing this issue to our attention.

State: Resolved
First released: 03-Dec-2008
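
The check the alert describes as missing, shown as an added example (not code from Sun or the Java Update client): the unchecked path accepts whatever the resolved host serves, while the verified path accepts only bytes signed by a key pinned in the client. Ed25519, the `Update` type, the function names and the sample keys and payloads are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Update is what a (hypothetical) update server returns: installer bytes
// plus a detached signature made with the vendor's release key.
type Update struct {
	Payload, Signature []byte
}

var ErrBadSignature = errors.New("update rejected: signature does not verify under pinned vendor key")

// keyFromSeed derives a deterministic key pair; the seeds used here are constructed sample values.
func keyFromSeed(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := make([]byte, ed25519.SeedSize)
	for i := range seed {
		seed[i] = b
	}
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

func signUpdate(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// InstallUnchecked models the flaw in the alert: the download is trusted because
// of where it came from, so it is only as trustworthy as the DNS answer.
func InstallUnchecked(u Update) ([]byte, error) { return u.Payload, nil }

// InstallVerified trusts the bytes only if they carry a valid signature under
// a key shipped with the client, regardless of which host served them.
func InstallVerified(pinned ed25519.PublicKey, u Update) ([]byte, error) {
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, u.Payload, u.Signature) {
		return nil, ErrBadSignature
	}
	return u.Payload, nil
}

func main() {
	vendorPub, vendorPriv := keyFromSeed(0x01)
	_, otherPriv := keyFromSeed(0x02) // a key the client does not pin
	genuine := signUpdate(vendorPriv, []byte("genuine installer (constructed)"))
	substituted := signUpdate(otherPriv, []byte("substituted installer (constructed)"))
	for _, u := range []Update{genuine, substituted} {
		_, errU := InstallUnchecked(u)
		_, errV := InstallVerified(vendorPub, u)
		fmt.Printf("%q unchecked=%v verified=%v\n", u.Payload, errU, errV)
	}
}
```

Because the signature covers the payload bytes, reusing a genuine signature on different bytes fails the same check.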
