Sun Java JRE Plug-in Capability Arbitrary Package Access (Unix)
High Nessus Plugin ID 64835
Synopsis
The remote Unix host has an application that is affected by a security bypass vulnerability.
Description
The remote host is using an unmanaged version of Sun Java Runtime Environment that has vulnerabilities in its Java Runtime Plug-in, a web browser add-on used to display Java applets:
- An untrusted applet may escalate its privileges in order to read, write or execute files on the remote system.
- An untrusted applet may interfere with trusted applets loaded on the same page.
A remote attacker could exploit these by tricking a user into visiting a maliciously crafted web page.
Solution
Upgrade to JDK 1.3.1_13 / JRE 1.4.2_06 or later.