Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Java Zero-Day Malware Attack: 6 Facts
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
9/3/2012 | 4:03:44 PM
re: Java Zero-Day Malware Attack: 6 Facts
You are welcome, but then why do you still include links to this story in the many specialized and best of emails that come out days later? I received another link to this story today and by now I wondered if there is another flaw in the current version. Well, there is, but this article addresses the old, already fixed flaws. Your competition is much more on the ball.
1954 Stratocaster
50%
50%
1954 Stratocaster,
User Rank: Apprentice
8/31/2012 | 4:13:26 PM
re: Java Zero-Day Malware Attack: 6 Facts
I would like to see a "7th fact" about why Java 7 was vulnerable and Java 6 was/is not. Our current corporate standard -- yes, we have some corporate Web apps, both internal and contracted, which require Java -- is v6.x.
Mathew
50%
50%
Mathew,
User Rank: Apprentice
8/31/2012 | 10:53:35 AM
re: Java Zero-Day Malware Attack: 6 Facts
Thanks for the comment, moarsauce. Welcome to the fast-paced world of publishing, eh? Yes, after this story came out, Oracle issued its alert about the patch--which is a welcome fix. Our sister publication DarkReading has more on the Java 7 patch.
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
8/30/2012 | 11:31:01 PM
re: Java Zero-Day Malware Attack: 6 Facts
There is already a update out that addresses the vulnerability. Maybe it is worthwhile to be more up to speed with content and publishing.
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
8/30/2012 | 8:08:13 PM
re: Java Zero-Day Malware Attack: 6 Facts
Please forgive me for writing when you weren't reading. I have brought this up several times in the past.
GET THIS TO YOUR EDITOR:
You have made some client-unfriendly changes to your format.
When we hit the 'Print' Icon, we expect to see the entire article as one page and relatively 'free' of (insert your own euphemism).
On this article, it was necessary to go to page 2 to get the whole article.
The result was also littered with (insert your own euphemism).
What should have printed on 2 sheets took at least 5.
What callous disregard for the environment and your clients resources!


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-20691
PUBLISHED: 2021-09-27
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVE-2020-20692
PUBLISHED: 2021-09-27
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
CVE-2020-20693
PUBLISHED: 2021-09-27
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVE-2020-20695
PUBLISHED: 2021-09-27
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVE-2020-20696
PUBLISHED: 2021-09-27
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.