Topic: Java Security

Java JDE Allows Unauthorized Commands

Welcome to Security Alerts, an overview of recent Unix and open-source security advisories. In this column, we look at a bug in some versions of Sun's JRE (Java Runtime Environment), SDK (System Development Kit), and JDK (Java Development Kit) that can allow Java code to execute unauthorized commands. This bug is mitigated by the requirement that the malicious code have permission to execute at least one command. Sun has reported that they have no knowledge of the bug affecting Netscape Navigator or Microsoft Explorer.

Author(s): Noel Davis
Updated: 03/13/2001
Organization: O'Reilly Network