发表新帖
发表新帖

JRE 1.7 Vulnerability

后端 未结
关注
2 508
醉话见心
醉话见心 2021-01-06 04:01

Today, our Enterprise Architect mentioned that a recent vulnerability was discovered in the JRE 1.7. I found an article the JRE 1.7 vulnerability recommending disabling Jav

2条回答
  • 遥遥无期
    遥遥无期 (楼主)
    2021-01-06 05:01

    The details of the latest vulnerability have not been made public. However, my understanding is that it only affects Java browser plugins. The recommended mitigation is to disable the Java browser plugins. No mention is made of non-plugin Java, so I think it is safe to assume that your dev machine is not vulnerable simply by virtue of having Java 7 installed.

    However, what about Java Web Start/JNLP? Could that get invoked?

    I don't think so. I think it is safe to assume that the people who found the problem would have thought of that potential attack vector. (But simple common sense says that you wouldn't want to be launching random JNLP programs in the first place ...)

    0 讨论(0)
 看不清?
提交回复
热议问题