
Sun Microsystems Untrusted Applet and Java Security Model Conflict Vulnerability


Published: 2003-06-05
Updated: 2003-06-05
Severity:
Threat level: Server information disclosure
Error type: Design error
Exploitation method: Server mode

BUGTRAQ ID:7824

Affected systems
Sun JRE (Linux Production Release) 1.2.2 _011    
Sun JRE (Linux Production Release) 1.2.2 _010    
Sun JRE (Linux Production Release) 1.2.2 _003    
Sun JRE (Linux Production Release) 1.3 .0_05    
Sun JRE (Linux Production Release) 1.3 .0_02    
Sun JRE (Linux Production Release) 1.3 .0        
Sun JRE (Linux Production Release) 1.3.1 _03    
   +Macromedia ColdFusion Server MX Developer    
   +Macromedia ColdFusion Server MX Enterprise  
   +Macromedia ColdFusion Server MX Professional
Sun JRE (Linux Production Release) 1.3.1 _01    
Sun JRE (Linux Production Release) 1.3.1        
Sun JRE (Linux Production Release) 1.4          
Sun JRE (Solaris Production Release) 1.2.2 _012  
Sun JRE (Solaris Production Release) 1.2.2 _011  
Sun JRE (Solaris Production Release) 1.2.2 _010  
Sun JRE (Solaris Production Release) 1.2.2      
Sun JRE (Solaris Production Release) 1.3 .0_05  
Sun JRE (Solaris Production Release) 1.3 .0_02  
Sun JRE (Solaris Production Release) 1.3        
Sun JRE (Solaris Production Release) 1.3.1 _04  
Sun JRE (Solaris Production Release) 1.3.1 _03  
   +Macromedia ColdFusion Server MX Developer    
   +Macromedia ColdFusion Server MX Enterprise  
   +Macromedia ColdFusion Server MX Professional
Sun JRE (Solaris Production Release) 1.3.1 _01  
Sun JRE (Solaris Production Release) 1.4 .0_01  
Sun JRE (Solaris Production Release) 1.4        
Sun JRE (Solaris Reference Release) 1.2.2 _012  
Sun JRE (Solaris Reference Release) 1.2.2 _011  
Sun JRE (Solaris Reference Release) 1.2.2        
Sun JRE (Windows Production Release) 1.2.2 _011  
Sun JRE (Windows Production Release) 1.2.2 _010  
Sun JRE (Windows Production Release) 1.2.2      
Sun JRE (Windows Production Release) 1.3 .0_05  
Sun JRE (Windows Production Release) 1.3 .0_04  
Sun JRE (Windows Production Release) 1.3 .0_02  
Sun JRE (Windows Production Release) 1.3        
Sun JRE (Windows Production Release) 1.3.1 _04  
Sun JRE (Windows Production Release) 1.3.1 _03  
   +Macromedia ColdFusion Server MX Developer    
   +Macromedia ColdFusion Server MX Enterprise  
   +Macromedia ColdFusion Server MX Professional
Sun JRE (Windows Production Release) 1.3.1 _01  
Sun JRE (Windows Production Release) 1.4 .0_01  
Sun JRE (Windows Production Release) 1.4        
Sun SDK (Linux Production Release) 1.2.2 _011    
Sun SDK (Linux Production Release) 1.2.2 _010    
Sun SDK (Linux Production Release) 1.3 _05      
Sun SDK (Linux Production Release) 1.3 _02      
Sun SDK (Linux Production Release) 1.3.1 _03    
Sun SDK (Linux Production Release) 1.3.1 _01    
Sun SDK (Linux Production Release) 1.4          
Sun SDK (Solaris Production Release) 1.2.2 _10  
Sun SDK (Solaris Production Release) 1.2.2 _011  
Sun SDK (Solaris Production Release) 1.2.2      
Sun SDK (Solaris Production Release) 1.3 _05    
Sun SDK (Solaris Production Release) 1.3 _02    
Sun SDK (Solaris Production Release) 1.3        
Sun SDK (Solaris Production Release) 1.3.1 _03  
Sun SDK (Solaris Production Release) 1.3.1 _01  
Sun SDK (Solaris Production Release) 1.4        
Sun SDK (Windows Production Release) 1.2.2 _012  
Sun SDK (Windows Production Release) 1.2.2 _011  
Sun SDK (Windows Production Release) 1.2.2 _010  
Sun SDK (Windows Production Release) 1.3 .0_05  
Sun SDK (Windows Production Release) 1.3 .0_02  
Sun SDK (Windows Production Release) 1.3.1 _04  
Sun SDK (Windows Production Release) 1.3.1 _03  
Sun SDK (Windows Production Release) 1.3.1 _01a  
Sun SDK (Windows Production Release) 1.4 .0_01  
Sun SDK (Windows Production Release) 1.4
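Detailed description
The Sun Java Runtime Environment does not correctly protect trusted applets. An attacker may use a malicious applet to gain access to sensitive information.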

Solution
The vendor has fixed this vulnerability in the latest version of the software:

Sun Upgrade SDK and JRE (Solaris Production Release) 1.2.2_13
http://java.sun.com/j2se/

Related information
Sun Alert ID: 55100
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55100