Java Reflection API privilege escalation vulnerability
 Technote (FAQ)
 
Problem
Three security vulnerability with the use of "reflection" APIs in the Java Runtime Environment (JRE) may (independently) allow an untrusted applet to elevate its privileges.

The first issue is due to three errors related to the use of "reflection" APIs in JRE, which could be exploited by attackers to read and write local files or execute local applications by convincing a user to visit a specially crafted Web page.

The second vulnerability is due to an error in Java Management Extensions (JMX) when handling specially crafted applets, which could be exploited by attackers to read and write local files or execute local applications with the privileges of the user running the untrusted
applet.

The third flaw is due to an unspecified error when handling specially crafted applets, which could be exploited by attackers to read and write local files or execute local applications with the privileges of the user running the untrusted applet.

All these vulnerability are only for applet containers which execute malicious code downloaded from server applications. So, all these vulnerability do not apply to most of the applications running in WebSphere Application Server, because the code in application server is trusted code.
 
Solution
  • AIX, Windows and Linux platforms:
    IBM SDK 1.4.2 Service Release 3 (SR3) and later
    IBM SDK 1.3.1 Service Release 9 (SR9) and later
  • Solaris platforms:
    1.4.2_09 and later
    1.3.1_16 and later
 
Related information
US-CERT Vulnerability Note VU#974188
Security Vulnerabilities in the Java Runtime Environmen
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Java SDK
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 1225628
IBM Group: Software Group
Modified date: Dec 15, 2005