
Web Attack: Oracle Java Rhino Script Engine CVE-2011-3544

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit the Oracle Java Rhino Script Engine remote code execution vulnerability (CVE-2011-3544).

Additional Information

Oracle Java SE is prone to a remote code-execution vulnerability in the Java Runtime Environment.

The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component. The problem occurs because the Java ScriptingEngine does not properly handle Rhino JavaScript errors. This can result in unprivileged code running in a privileged context.

This vulnerability affects the following supported versions:
JDK and JRE 7, 6 Update 27

Affected

  • JDK and JRE 7, 6 Update 27

Response

Updates are available. Please see the references for more information.