0 Replies Latest reply: Sep 28, 2012 4:11 PM by user467396 - oracle


user467396 - oracle Newbie
SecLists claims to have "discovered yet another security vulnerability". It is unclear to me if they are talking about a vulnerability in addition to CVE-2012-4681 and whether the findings will be bundled into CVE-2012-4681. I intend to inquire internally whether exploitable code exists for any vulnerabilities subsequent to -4681. There does not seem to be a new CVE number associated with SecLists' finding.

I'm also hoping to open some forum discussion to help us better understand the scope of the threat. The CVE-2012-4681 references the Oracle press release, which indicates "These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications". Why would only browser clients be vulnerable? Wouldn't standalone clients that might attempt to retrieve a URL that may contain malicious code also be at risk?

