Sun Java JRE / Web Start Java Plug-in Untrusted Applet Privilege Escalation (Unix)
High Nessus Plugin ID 64836
SynopsisThe remote Unix host contains a runtime environment that is affected by multiple vulnerabilities.
DescriptionThe remote host is using an unmanaged version of Sun Java Runtime Environment that has vulnerabilities in its Java Runtime Plug-in, a web browser add-on used to display Java applets.
The JRE Plug-in security can be bypassed by tricking a user into viewing a maliciously crafted web page.
Additionally, a denial of service vulnerability is present in this version of the JVM. This issue is triggered by viewing an applet that misuses the serialization API.
SolutionUpgrade to JRE 1.4.2_08 / 1.5.0 update 2 or later.