Sun Java 1.6.0_03 and previous versions versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java 1.6.0 |
||
sun java |