SE-2012-01 Details

This page presents details of security vulnerabilities and attack techniques discovered as a result of our Java SE security research project. These details are provided in the form of a technical report and presentation slides for the talk given by Adam Gowdiak on 14 Nov 2012 at the Devoxx Java Community Conference in Antwerp.

Materials

  • "Security Vulnerabilities in Java SE", technical report, PDF file, 1.7MB (download)
  • "Security Vulnerabilities in Java SE", Devoxx presentation, PDF file, 2.3MB (download)

Selected Oracle Vulnerability Reports

  • SE-2012-01-ORACLE-4, Issues #27-31, PDF file, 214KB (download)
  • SE-2012-01-ORACLE-5, Issue #32, PDF file, 196KB (download)
  • SE-2012-01-ORACLE-6, Issue #50, PDF file, 198KB (download)
  • SE-2012-01-ORACLE-7, Issue #50 (Vulnerability Fix Experiment), PDF file, 237KB (download)
  • SE-2012-01-ORACLE-8, Issues #51-52, PDF file, 204KB (download)
  • SE-2012-01-ORACLE-9, Issue #53, PDF file, 215KB (download)
  • SE-2012-01-ORACLE-10, Issues #54-55, PDF file, 262KB (download)
  • SE-2012-01-ORACLE-11, Issues #56-60, PDF file, 239KB (download)
  • SE-2012-01-ORACLE-12, Issue #61, PDF file, 214KB (download)
  • SE-2012-01-ORACLE-13, Issue #69, PDF file, 286KB (download)

IBM Vulnerability Reports

  • SE-2012-01-IBM, Issues #33-49, PDF file, 253KB (download)
  • SE-2012-01-IBM-2, Issues #62-68, PDF file, 256KB (download)
  • SE-2012-01-IBM-3, Issues #70-71, PDF file, 217KB (download)

Oracle CVE IDs mapping

  • SE-2012-01-CVE_Map, PDF file, 259KB (download)

Issues evaluated by a vendor as not being security vulnerabilities

  • Apple's "security hardening" issue, PDF file, 266KB (download)
  • Oracle's "allowed behavior" issue, PDF file, 300KB (download)

DISCLAIMER

The Proof of Concept codes below are provided for educational purposes only. It is expressly forbidden to use them for any purposes that would violate any domestic or international laws. If you do not agree with this policy, please leave this page.

  • "Security Vulnerabilities in Java SE", Proof of Concept codes, ZIP file, 309KB (download)
  • "Security Vulnerabilities in Java SE", Proof of Concept code for Issues 27-29, ZIP file, 23KB (download)
  • "Security Vulnerabilities in Java SE", Proof of Concept code for server side RMI attack, ZIP file, 23KB (download)
  • "Security Vulnerabilities in Java SE", Proof of Concept codes for Issues 50-60, ZIP file, 147KB (download)
  • "Security Vulnerabilities in Java SE", Proof of Concept code for Issue 61, ZIP file, 13KB (download)
  • "Security Vulnerabilities in Java SE", Proof of Concept codes for Issues 62-68, ZIP file, 76KB (download)
  • "Security Vulnerabilities in Java SE", Proof of Concept code for Issue 69, ZIP file, 16KB (download)
  • "Security Vulnerabilities in Java SE", Proof of Concept codes for Issues 70-71, ZIP file, 31KB (download)

Copyright 2008-2014 Security Explorations. All Rights Reserved.