X

The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 246387 A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost

Guest Author
Product: Java Platform, Standard Edition 6 (Java SE 6)

The Java Runtime Environment (JRE) allows code loaded from the localfilesystem to access localhost. This may allow code that is maliciouslyplaced on the local filesystem and then subsequently run, to havenetwork access to localhost that would not otherwise be allowed if thecode were loaded from a remote host. This may be leveraged to steal cookies andhijack sessions (for domains that map a name to the localhost).

State: Resolved
First released: 03-Dec-2008

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.