Problem
Three security vulnerabilities with the use of "reflection"
APIs in the Java Runtime Environment (JRE) may (independently) allow an
untrusted applet to elevate its privileges.
The first issue is due to three errors related to the use of "reflection"
APIs in JRE, which could be exploited by attackers to read and write local
files or execute local applications by convincing a user to visit a
specially crafted Web page.
The second vulnerability is due to an error in Java Management Extensions
(JMX) when handling specially crafted applets, which could be exploited by
attackers to read and write local files or execute local applications with
the privileges of the user running the untrusted applet.
The third flaw is due to an unspecified error when handling specially
crafted applets, which could be exploited by attackers to read and write
local files or execute local applications with the privileges of the user
running the untrusted applet.
All these vulnerabilities apply only to applet containers that execute
malicious code downloaded from server applications. Therefore, they
do not apply to most of the applications running in
WebSphere Application Server, because the code in the application server is
trusted code.

Solution