[Emerging-Sigs] Sig: ET POLICY Vulnerable Java Version 1.6.x Detected

Chris Wakelin c.d.wakelin at reading.ac.uk
Mon Oct 24 09:46:50 EDT 2011


Well, we'll get lots of hits until people have updated :)

I guess it's a different ballgame for now than those with Java <
1.6.0_24 which is widely exploited. Perhaps we should have two
signatures, with a higher priority one for Java < 1.6.0_24 (or whatever
we've seen exploits for in the wild)?

Chris

On 24/10/11 14:42, Matthew Jonkman wrote:
> Sigh….
> 
> I assume then no objections to up'ing the rev we're looking for in these?
> 
> Doing so if no screaming. Thanks Chris!!
> 
> Matt
> 
> 
> On Oct 24, 2011, at 9:36 AM, Chris Wakelin wrote:
> 
>> Looks like _27 is vulnerable too:
>>
>> http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#AppendixJAVA
>>
>> Has anybody seen exploits?
>>
>> Chris
>>


-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094


More information about the Emerging-sigs mailing list