Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: web5193.htm

Java Applet Can Redirect Browser Traffic
20th Mar 2002 [SBWID-5193]

	Java Applet Can Redirect Browser Traffic


	 Sun/Blackdown	      1.1.7/8, 1.2.2, 1.3.0/1	linux/win32

	 Netscape 4.61	      default Java Runtime	linux

	 MSIE 5.0	      default Java Runtime	win32



	Harmen van der Wal [] found following :

	The Java security model is designed to  allow  code  from  an  untrusted
	source, usually web applets, to be safely executed.



	An applet could do irregular, unchecked HTTP requests.



	Network access restrictions that apply, can be  bypassed.  Only  systems
	that have a HTTP proxy configured can be vulnerable.

	One particular nasty exploit is  where  a  remote  server,  aided  by  a
	hostile applet, hijacks a browsers persistent  HTTP  connection  to  its
	configured HTTP proxy.


	I audited both Kaffe and GNU Classpath class libraries, and to the  best
	of my knowledge, they are not vulnerable to this issue.


	Apply patch available at

	Microsoft :



	Sun :




	HP :



	Netscape :





TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH