it-sec-catalog/wiki/Javocalypse

1. Javocalypse

Check out this page: http://java-0day.com/ !

1.1. Vulnerability analysis

 

Nr URL Description Date Info
1 http://blog.cr0.org/2009/05/write-once-own-everyone.html Write once, own everyone, Java deserialization issues 19-05-2009 CVE-2008-5353
2 http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg40571.html Java Deployment Toolkit Performs Insufficient Validation of Parameters 09-04-2010 N/A
3 http://www.symantec.com/connect/blogs/examination-java-vulnerability-cve-2012-1723 An Examination of Java Vulnerability CVE-2012-1723 27-07-2012 -
4 http://www.symantec.com/connect/blogs/exploitation-java-vulnerabilities Exploitation of Java Vulnerabilities 16-08-2012 CVE-2012-0507,CVE-2012-1723
5 http://www.exploit-db.com/wp-content/themes/exploit/docs/21321.pdf Java Applet Vulnerability Analysis (CVE-2012-4681) 25-08-2012 CVE-2012-4681
6 http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ New Java 0day exploited in the wild 27-08-2012 N/A
7 http://scrammed.blogspot.de/2012/08/analysing-cve-2012-xxxx-latest-java-0day.html Analysing CVE-2012-4681 (latest Java 0day) 27-08-2012 CVE-2012-4681
8 http://immunityproducts.blogspot.de/2012/08/java-0day-analysis-cve-2012-4681.html Java 0day analysis (CVE-2012-4681) 28-08-2012 CVE-2012-4681
9 http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html CVE-2012-4681 Java 7 0-Day vulnerability analysis 30-08-2012 CVE-2012-4681
10 http://blogs.technet.com/b/mmpc/archive/2012/11/15/a-technical-analysis-on-new-java-vulnerability-cve-2012-5076.aspx A technical analysis on new Java vulnerability (CVE-2012-5076) 15-11-2012 CVE-2012-5076
11 http://www.exploit-db.com/download_pdf/23108/ Java Applet Vulnerability Analysis (CVE-2012-5076) 15-11-2012 CVE-2012-5076
12 http://immunityproducts.blogspot.de/2012/11/anonymousclassloader-java-exploitation.html AnonymousClassLoader Java Exploitation Technique 23-11-2012 N/A
13 https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf Java MBeanInstantiator.findClass 0day Analysis 11-01-2013 N/A
14 https://www-304.ibm.com/connections/blogs/xforce/entry/identity_crisis... Identity Crisis - Would you consider the phone number of a local dentist private info? After all, a Credit Card number is just a bunch of digits too. 20-03-2013 CVE-2013-1493
15 http://www.contextis.com/research/blog/java-pwn2own/ JAVA PWN2OWN 19-04-2013 CVE-2013-1488
16 http://immunityproducts.blogspot.de/2013/04/yet-another-java-security-warning-bypass.html Yet Another Java Security Warning Bypass 24-04-2013 N/A
17 https://www.accuvant.com/sites/default/files/downloads/pwn2own_2013_-_java_7_se_memory_corruption.pdf Pwn2Own 2013: Java 7 SE Memory Corruption 21-05-2013 CVE-2013-1491
18 http://axtaxt.wordpress.com/2013/07/06/analysis-of-cve-2013-0809/ Analysis of CVE-2013-0809 06-07-2013 CVE-2013-0809
19 http://blog.sina.com.cn/s/blog_6fc131560101ddns.html CVE-2013-5842: An example of race condition vulnerabilities in JVM 12-11-2013 CVE-2013-5842
20 http://www.pwntester.com//blog/2013/12/16/rce-through-deserialization-of-spring-defaultlistablebeanfactories-cve-2011-2894/ CVE-2011-2894: Deserialization Spring RCE 16-12-2013 CVE-2011-2894

 

1.2. Research

 

Nr URL Description Date
1 http://www.blackhat.com/presentations/bh-asia-02/LSD/bh-asia-02-lsd-article.pdf Java and Java Virtual Machine security vulnerabilities and their exploitation techniques 03-09-2002
2 http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Enterprise Java Rootkits 29-07-2009
3 http://media.blackhat.com/bh-ad-11/Drake/bh-ad-11-Drake-Exploiting_Java_Memory_Corruption-WP.pdf Exploiting Memory Corruption Vulnerabilities in the Java Runtime 15-12-2011
4 http://www.security-explorations.com/materials/se-2012-01-report.pdf Security Vulnerabilities in Java SE 14-11-2012
5 https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf Recent Java exploitation trends and malware xx-08-2012

 

1.3. About Java Security

 

Nr URL Description
1 http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java Same-origin policy for Java
2 http://slightlyrandombrokenthoughts.blogspot.de/ Blog by Sami Koivu
3 http://blog.cr0.org/2010/04/javacalypse.html Javocalypse
4 http://www.cert.org/blogs/certcc/2013/01/anatomy_of_java_exploits.html Anatomy of Java Exploits
5 http://www.jtmelton.com/wp-content/uploads/YearOfSecurityforJava.pdf Years Of Security For Java
6 http://www.cert.org/blogs/certcc/2013/04/dont_sign_that_applet.html Don't Sign that Applet!
7 http://www.cert.org/blogs/certcc/2008/06/signed_java_security_worse_tha.html Signed Java Applet Security: Worse than ActiveX?

 

1.4. Mitigation

 

Nr URL Description Date
1 http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse Java zero day = time to disable Java, in your browser at least 30-08-2012
2 http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html Java 7 0-Day vulnerability information and mitigation 30-08-2012
3 http://tojoswalls.blogspot.de/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows 23-05-2013
posted @ 2014-11-14 00:11  by_3ks  阅读(712)  评论(0编辑  收藏  举报