Preemptive Protection against Oracle JRE Restrictions Bypass Remote Code Execution (CVE-2012-4681)
|Check Point Reference:||CPAI-2012-622|
|Protection Provided by:||
Who is Vulnerable?
Java Runtime Environment (JRE) Applications
Multiple remote code execution vulnerabilities have been reported in Oracle Java Runtime Environment (JRE).
The vulnerabilities are due to restrictions bypass. A remote attacker can exploit these vulnerabilities by enticing a target user to open a malicious Java applet with the vulnerable application. Successful exploitation could allow an attacker to inject and execute code on the target.
This protection will detect and block attempts to exploit these vulnerabilities.No update is required to address this vulnerabilityUsers are protected against this vulnerability if the Java Signed Applet protection found in the Protection section of SBP-2011-07 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway R75 / R71 / R70
How Can I Protect My Network?
- In the IPS tab, click Protections and find the Java Signed Applet protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Java Signed Applet