it-sec-catalog/wiki/Javocalypse

1. Javocalypse

Check out this page: http://java-0day.com/ !

1.1. Vulnerability analysis

 

Nr	URL	Description	Date	Info
1	http://blog.cr0.org/2009/05/write-once-own-everyone.html	Write once, own everyone, Java deserialization issues	19-05-2009	CVE-2008-5353
2	http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg40571.html	Java Deployment Toolkit Performs Insufficient Validation of Parameters	09-04-2010	N/A
3	http://www.symantec.com/connect/blogs/examination-java-vulnerability-cve-2012-1723	An Examination of Java Vulnerability CVE-2012-1723	27-07-2012	-
4	http://www.symantec.com/connect/blogs/exploitation-java-vulnerabilities	Exploitation of Java Vulnerabilities	16-08-2012	CVE-2012-0507,CVE-2012-1723
5	http://www.exploit-db.com/wp-content/themes/exploit/docs/21321.pdf	Java Applet Vulnerability Analysis (CVE-2012-4681)	25-08-2012	CVE-2012-4681
6	http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/	New Java 0day exploited in the wild	27-08-2012	N/A
7	http://scrammed.blogspot.de/2012/08/analysing-cve-2012-xxxx-latest-java-0day.html	Analysing CVE-2012-4681 (latest Java 0day)	27-08-2012	CVE-2012-4681
8	http://immunityproducts.blogspot.de/2012/08/java-0day-analysis-cve-2012-4681.html	Java 0day analysis (CVE-2012-4681)	28-08-2012	CVE-2012-4681
9	http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html	CVE-2012-4681 Java 7 0-Day vulnerability analysis	30-08-2012	CVE-2012-4681
10	http://blogs.technet.com/b/mmpc/archive/2012/11/15/a-technical-analysis-on-new-java-vulnerability-cve-2012-5076.aspx	A technical analysis on new Java vulnerability (CVE-2012-5076)	15-11-2012	CVE-2012-5076
11	http://www.exploit-db.com/download_pdf/23108/	Java Applet Vulnerability Analysis (CVE-2012-5076)	15-11-2012	CVE-2012-5076
12	http://immunityproducts.blogspot.de/2012/11/anonymousclassloader-java-exploitation.html	AnonymousClassLoader Java Exploitation Technique	23-11-2012	N/A
13	https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf	Java MBeanInstantiator.findClass 0day Analysis	11-01-2013	N/A
14	https://www-304.ibm.com/connections/blogs/xforce/entry/identity_crisis...	Identity Crisis - Would you consider the phone number of a local dentist private info? After all, a Credit Card number is just a bunch of digits too.	20-03-2013	CVE-2013-1493
15	http://www.contextis.com/research/blog/java-pwn2own/	JAVA PWN2OWN	19-04-2013	CVE-2013-1488
16	http://immunityproducts.blogspot.de/2013/04/yet-another-java-security-warning-bypass.html	Yet Another Java Security Warning Bypass	24-04-2013	N/A
17	https://www.accuvant.com/sites/default/files/downloads/pwn2own_2013_-_java_7_se_memory_corruption.pdf	Pwn2Own 2013: Java 7 SE Memory Corruption	21-05-2013	CVE-2013-1491
18	http://axtaxt.wordpress.com/2013/07/06/analysis-of-cve-2013-0809/	Analysis of CVE-2013-0809	06-07-2013	CVE-2013-0809
19	http://blog.sina.com.cn/s/blog_6fc131560101ddns.html	CVE-2013-5842: An example of race condition vulnerabilities in JVM	12-11-2013	CVE-2013-5842
20	http://www.pwntester.com//blog/2013/12/16/rce-through-deserialization-of-spring-defaultlistablebeanfactories-cve-2011-2894/	CVE-2011-2894: Deserialization Spring RCE	16-12-2013	CVE-2011-2894

 

1.2. Research

 

Nr	URL	Description	Date
1	http://www.blackhat.com/presentations/bh-asia-02/LSD/bh-asia-02-lsd-article.pdf	Java and Java Virtual Machine security vulnerabilities and their exploitation techniques	03-09-2002
2	http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf	Enterprise Java Rootkits	29-07-2009
3	http://media.blackhat.com/bh-ad-11/Drake/bh-ad-11-Drake-Exploiting_Java_Memory_Corruption-WP.pdf	Exploiting Memory Corruption Vulnerabilities in the Java Runtime	15-12-2011
4	http://www.security-explorations.com/materials/se-2012-01-report.pdf	Security Vulnerabilities in Java SE	14-11-2012
5	https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf	Recent Java exploitation trends and malware	xx-08-2012

 

1.3. About Java Security

 

Nr	URL	Description
1	http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java	Same-origin policy for Java
2	http://slightlyrandombrokenthoughts.blogspot.de/	Blog by Sami Koivu
3	http://blog.cr0.org/2010/04/javacalypse.html	Javocalypse
4	http://www.cert.org/blogs/certcc/2013/01/anatomy_of_java_exploits.html	Anatomy of Java Exploits
5	http://www.jtmelton.com/wp-content/uploads/YearOfSecurityforJava.pdf	Years Of Security For Java
6	http://www.cert.org/blogs/certcc/2013/04/dont_sign_that_applet.html	Don't Sign that Applet!
7	http://www.cert.org/blogs/certcc/2008/06/signed_java_security_worse_tha.html	Signed Java Applet Security: Worse than ActiveX?

 

1.4. Mitigation

 

Nr	URL	Description	Date
1	http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse	Java zero day = time to disable Java, in your browser at least	30-08-2012
2	http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html	Java 7 0-Day vulnerability information and mitigation	30-08-2012
3	http://tojoswalls.blogspot.de/2013/05/java-web-vulnerability-mitigation-on.html	Java Web Vulnerability Mitigation on Windows	23-05-2013

转载于:https://www.cnblogs.com/by-3ks/articles/4096284.html