MENU

Pagoda Blog

Oracle Java JRE 1.7 allows untrusted code

August 28, 2012

 

Overview

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions.

Description

The Oracle Java Runtime Environment (JRE) 1.7 allows users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems.

The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle's document states"If there is a security manager already installed, this method first calls the security manager's checkPermission method with aRuntimePermission("setSecurityManager")permission to ensure it's safe to replace the existing security manager. This may result in throwing a SecurityException". 

More here: http://www.kb.cert.org/vuls/id/636312



Return to Pagoda Blog Main Page


As your trusted IT service partner, Pagoda Technologies is here to help you achieve your near and long-term business goals through reliable and affordable IT support. 

Pagoda Technologies

101 Cooper Street

Santa Cruz, CA 95060

831-419-8000

Contact us for a free IT consultation

 

 

Get in touch 

Join our newsletter

Want IT to serve you better? 

 

 

Subscribe 

Follow Us

Facebook LinkedIn LinkedIn