The discovery of security issues in Java is something that Oracle deals with on a routine basis by way of regular security updates. Security issues with Java.com, however, are another matter.
Security researchers with the YGN Ethical Hacker Group publicly reported this week that Java.com was at risk from an arbitrary URL redirection vulnerability. YGN made the report on the public Full-Disclosure security mailing list.
The group also provided a link to a proof-of-concept demo to validate their claim.
According to YGN, it informed Oracle of the vulnerability on April 19th. On April 23rd, Oracle replied, "Thank you for bringing this issue to our attention. We appreciate your note and wanted to let you know that we have fixed it."
Oracle did not respond by press time to a request for comment from InternetNews.com on the YGN disclosure.
A URL redirection flaw is a serious issue that could have enabled an attacker to leverage Java.com for a phishing attack. Security tracking group Mitre has labeled URL Redirection as CWE-601 (Common Weakness Enumeration).
"An http parameter may contain a URL value and could cause the Web application to redirect the request to the specified URL," the CWE-601 definition states. "By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials."
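The weakness in the CWE-601 definition arises when a handler copies a URL parameter into its redirect response unchanged. As an added example (not from the article, YGN's report or Oracle's site; the host names and function name are assumptions), this server-side check lets a redirect parameter point only at same-site paths or allowlisted HTTPS hosts:

```python
from urllib.parse import urlsplit

# Assumption: placeholder hosts this application is willing to redirect to.
ALLOWED_HOSTS = {"www.example.com", "downloads.example.com"}
FALLBACK = "/"  # where to send the user when the parameter is rejected


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `value` if it is an acceptable redirect target, else `fallback`."""
    # Reject empty values and control characters (CR/LF would also allow
    # header injection; tabs and newlines are silently dropped by browsers).
    if not value or any(ord(c) < 0x20 or c == "\x7f" for c in value):
        return fallback
    # Browsers treat "\" like "/", so "/\host" can leave the site.
    if "\\" in value:
        return fallback
    try:
        parts = urlsplit(value)
        host = parts.hostname  # lower-cased, without userinfo or port
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        # "//host" and "///host" are scheme-relative or ambiguous, so refuse.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return fallback
    # Absolute or scheme-relative URL: require HTTPS, no userinfo
    # ("https://trusted@other-host/"), and an exact allowlisted host.
    if parts.scheme != "https" or has_userinfo:
        return fallback
    return value if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed sample values for a "url" request parameter.
    for sample in ["/download/", "https://downloads.example.com/jre",
                   "//phish.example/login", "https://www.example.com@phish.example/",
                   "https://www.example.com.phish.example/", "javascript:alert(1)"]:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

Exact host matching is deliberate: prefix or substring checks on the parameter are what the look-alike host and userinfo samples get past.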
The Java.com disclosure is not the first time that YGN has exposed security flaws in a major public-facing website. At the end of March, YGN reported that McAfee.com was at risk from multiple security vulnerabilities.