jarsigner in OpenJDK and Oracle Java SE prior to 7u51 allows remote malicious users to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle jre 1.7.0 |
||
oracle jdk 1.7.0 |
||
oracle jdk |
||
oracle jre |