Center for Information Technology Services

Cyber Security Alerts (For Non-Technical Users)US Cert

  • TA13-134A: Microsoft Updates for Multiple Vulnerabilities
    Original release date: May 14, 2013

    Systems Affected

    • Microsoft Windows
    • Internet Explorer
    • Microsoft .NET Framework
    • Microsoft Lync
    • Microsoft Office
    • Microsoft Windows Essentials

    Overview

    Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

    Description

    The Microsoft Security Bulletin Summary for May 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply Updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for May 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

    References

    Revision History

    • Initial Release 5/14/2013

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-107A: Oracle Has Released Multiple Updates for Java SE
    Original release date: April 17, 2013 | Last revised: April 19, 2013

    Systems Affected

    • JDK and JRE 7 Update 17 and earlier
    • JDK and JRE 6 Update 43 and earlier
    • JDK and JRE 5.0 Update 41 and earlier
    • JavaFX 2.2.7 and earlier

    Overview

    Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle strongly recommends that customers apply CPU fixes as soon as possible.

    Description

    Oracle Java SE Critical Patch Update Advisory - April 2013 describes the update:

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. Thus, prior Critical Patch Update and Security Alert advisories should be reviewed for information regarding earlier accumulated security fixes.

    Systems administrators are advised to pay additional attention to Oracle advisories due to the increasing volume of vulnerabilities being patched with each release.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply Updates

    Oracle Java SE Critical Patch Update Advisory - April 2013 includes the following information:

    Developers can download the latest release from http://www.oracle.com/technetwork/java/javase/downloads/index.html.

    Users running Java SE with a browser can download the latest release from http://java.com. Users on the Windows and Mac OS X platforms can also use automatic updates to get the latest release.

    The latest JavaFX release is included with the latest update of JDK and JRE 7. For JDK and JRE 6 users, the latest Java FX release is available from http://www.oracle.com/technetwork/java/javafx/

    References

    Revision History

    • April 17, 2013: Initial release
    • April 18, 2013: Minor update to description

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-100A: Microsoft Updates for Multiple Vulnerabilities
    Original release date: April 10, 2013 | Last revised: April 11, 2013

    Systems Affected

    • Microsoft Windows
    • Microsoft Remote Desktop Client
    • Microsoft Antimalware Client
    • Microsoft Sharepoint

    Overview

    Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

    Description

    The Microsoft Security Bulletin Summary for April 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply Updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

    References

    Revision History

    • Initial Release
    • Fixed redirect links

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-088A: DNS Amplification Attacks
    Original release date: March 29, 2013 | Last revised: April 19, 2013

    Systems Affected

    • Domain Name System (DNS) servers

    Overview

    A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic.

    Description

    A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic. The basic attack technique consists of an attacker sending a DNS name lookup request to an open recursive DNS server with the source address spoofed to be the victim’s address. When the DNS server sends the DNS record response, it is sent instead to the victim. Attackers will typically submit a request for as much zone information as possible to maximize the amplification effect. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed DNS queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid servers, it is especially difficult to block these types of attacks.

    While the attacks are difficult to prevent, network operators can implement several possible mitigation strategies. The primary element in the attack that is the focus of an effective long-term solution is the detection and elimination of open recursive DNS resolvers. These systems are typically legitimate DNS servers that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized clients. By identifying these systems, an organization or network operator can reduce the number of potential resources that the attacker can employ in an attack.

    Impact

    A misconfigured Domain Name System (DNS) server can be exploited to participate in a Distributed Denial of Service (DDoS) attack.

    Solution

    DETECTION

    Several organizations offer free, web-based scanning tools that will search a network for vulnerable open DNS resolvers.  These tools will scan entire network ranges and list the address of any identified open resolvers.

    Open DNS Resolver Project
    http://openresolverproject.org
    The Open DNS Resolver Project has compiled a list of DNS servers that are known to serve as globally accessible open resolvers.  The query interface allows network administrators to enter IP ranges in CIDR format [1].

    The Measurement Factory
    http://dns.measurement-factory.com
    Like the Open DNS Resolver Project, the Measurement Factory maintains a list of Internet accessible DNS servers and allows administrators to search for open recursive resolvers [2].  In addition, the Measurement Factory offers a free tool to directly test an individual DNS resolver to determine if it allows open recursion.  This will allow an administrator to determine if configuration changes are necessary and verify that configuration changes have been effective [3].  Finally, the site offers statistics showing the number of open resolvers detected on the various Autonomous System (AS) networks, sorted by the highest number found [4].

    DNSInspect
    http://www.dnsinspect.com
    Another freely available, web-based tool for testing DNS resolvers is DNSInspect.  This site is similar to The Measurement Factory’s ability to test a specific resolver for vulnerability, but offers the ability to test an entire DNS Zone for several other potential configuration and security issues [5].

    Indicators

    In a typical recursive DNS query, a client sends a query request to a local DNS server requesting the resolution of a name or the reverse resolution of an IP address.  The DNS server performs the necessary queries on behalf of the client and returns a response packet with the requested information or an error [6, page 21].  The specification does not allow for unsolicited responses.  In a DNS amplification attack, the key indicator is a query response without a matching request.  

    MITIGATION

    Unfortunately, due to the overwhelming traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack.  While the only effective means of eliminating this type of attack is to eliminate open recursive resolvers, this requires a large-scale effort by numerous parties.  According to the Open DNS Resolver Project, of the 27 million known DNS resolvers on the Internet, approximately “25 million pose a significant threat” of being used in an attack [1].  However, several possible techniques are available to reduce the overall effectiveness of such attacks to the Internet community as a whole.  Where possible, configuration links have been provided to assist administrators with making the recommended changes.  The configuration information has been limited to BIND9 and Microsoft’s DNS Server, which are two widely deployed DNS servers.  If you are running a different DNS server, please see your vendor’s documentation for configuration details.

    Source IP Verification

    Because the DNS queries being sent by the attacker-controlled clients must have a source address spoofed to appear as the victim’s system, the first step to reducing the effectiveness of DNS amplification is for Internet Service Providers to deny any DNS traffic with spoofed addresses.  The Network Working Group of the Internet Engineering Task Force released a Best Current Practice document in May 2000 that describes how an Internet Service Provider can filter network traffic on their network to drop packets with source addresses not reachable via the actual packet’s path [7]. The changes recommended in this document would cause a routing device to test whether it is possible to reach the source address of the packet via the interface that transmitted the packet. If it is not possible, then the packet obviously has a spoofed source address. This configuration change would considerably reduce the potential for most current types of DDoS attacks.

    Disabling Recursion on Authoritative Name Servers

    Many of the DNS servers currently deployed on the Internet are exclusively intended to provide name resolution for a single domain.  These systems do not need to support resolution of other domains on behalf of a client, and therefore should be configured with recursion disabled.

    Bind9

    Add the following to the global options [8]:
    options {
         allow-query-cache { none; };
         recursion no;
    };

    Microsoft DNS Server

    In the Microsoft DNS console tool [9]:

    1. Right-click the DNS server and click Properties.
    2. Click the Advanced tab.
    3. In Server options, select the “Disable recursion” check box, and then click OK.

    Limiting Recursion to Authorized Clients

    For DNS servers that are deployed within an organization or ISP to support name queries on behalf of a client, the resolver should be configured to only allow queries on behalf of authorized clients.  These requests should typically only come from clients within the organization’s network address range.

    BIND9

    In the global options, add the following [10]:
    acl corpnets { 192.168.1.0/24; 192.168.2.0/24; };
    options {
      allow-query { corpnets; };
      allow-recursion { corpnets; };
    };

    Microsoft DNS Server

    It is not currently possible to restrict recursive DNS requests to a specific client address range in Microsoft DNS Server.  The most effective means of approximating this functionality is to configure the internal DNS server to forward queries to an external DNS server and restrict DNS traffic in the firewall to restrict port 53 UDP traffic to the internal server and the external forwarder [11].

    Rate Limiting Response of Recursive Name Servers

    There is currently an experimental feature available as a set of patches for BIND9 that allows an administrator to restrict the number of responses per second being sent from the name server [12].  This is intended to reduce the effectiveness of DNS amplification attacks by reducing the volume of traffic coming from any single resolver.

    BIND9

    There are currently patches available for 9.8.latest and 9.9.latest to support RRL on UNIX systems. Red Hat has made updated packages available for Red Hat Enterprise Linux 6 to provide the necessary changes in advisory RHSA-2013:0550-1. On BIND9 implementation running the RRL patches, add the following lines to the options block of the authoritative views [13]:
    rate-limit {
        responses-per-second 5;
        window 5;
    };

    Microsoft DNS Server

    This option is currently not available for Microsoft DNS Server.

    References

    Revision History

    • March 29, 2013: Initial release
    • April 18th, 2013: Minor updates to Description and Solution sections(Source IP Verification and BIND9)

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-071A: Microsoft Updates for Multiple Vulnerabilities
    Original release date: March 12, 2013 | Last revised: April 11, 2013

    Systems Affected

    • Microsoft Windows
    • Microsoft Internet Explorer
    • Microsoft Office
    • Microsoft Server Software
    • Microsoft Silverlight

     

    Overview

    Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

    Description

    The Microsoft Security Bulletin Summary for March 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply Updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

    References

    Revision History

    • March 12, 2013: Initial release

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-064A: Oracle Java Contains Multiple Vulnerabilities
    Original release date: March 05, 2013

    Systems Affected

    Any system using Oracle Java 7, 6, 5 (1.7, 1.6, 1.5) including

    • Java Platform Standard Edition 7 (Java SE 7)
    • Java Platform Standard Edition 6 (Java SE 6)
    • Java Platform Standard Edition 6 (Java SE 5)
    • Java SE Development Kit (JDK 7)
    • Java SE Development Kit (JDK 6)
    • Java SE Development Kit (JDK 5)
    • Java SE Runtime Environment (JRE 7)
    • Java SE Runtime Environment (JRE 6)
    • Java SE Runtime Environment (JRE 5)
    • OpenJDK 6 and 6u
    • IcedTea 1.x (IcedTea6 1.x)

    All versions of Java 7 through update 15, Java 6 through update 41, and Java 5.0 through update 40 are affected.  Web browsers using the Java 5, 6 or 7 plug-in are at high risk.

    Overview

    Oracle Java 7 update 15, Java 6 update 41, Java 5.0 update 40, and earlier versions of Java contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

    Description

    An arbitrary memory read and write vulnerability in the Java JVM process could allow an attacker to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate website and upload a malicious Java applet (a "drive-by download" attack).

    Any web browser using the Java 5, 6, or 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.

    Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.

    Further technical details are available in Vulnerability Note VU#688246.

    Impact

    By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process. Note that applications that use the Internet Explorer web-content-rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for these vulnerabilities.

    Solution

    Update Java

    Oracle Security Alert for CVE-2013-1493 states that Java 7 Update 17 (7u17) and and Java 6 Update 43 address this vulnerability (CVE-2013-1493) and a different but equally severe vulnerability (CVE-2013-0809).

    Java 7 Update 17 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets.

    Disable Java in Web Browsers

    This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against these vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.

    Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. According to Setting the Security Level of the Java Client,

    For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.

    If you are unable to update to Java 7 Update 10, see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.

    References

    Revision History

    • March 5, 2013: Initial release

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-051A: Oracle Java Multiple Vulnerabilities
    Original release date: February 20, 2013

    Systems Affected

    Any system using Oracle Java including

    • JDK and JRE 7 Update 13 and earlier
    • JDK and JRE 6 Update 39 and earlier
    • JDK and JRE 5.0 Update 39 and earlier
    • SDK and JRE 1.4.2_41 and earlier

    Web browsers using the Java plug-in are at high risk.

    Overview

    Multiple vulnerabilities in Java could allow an attacker to execute arbitrary code on a vulnerable system.

    Description

    The Oracle Java SE Critical Patch Update Advisory Update for February 2013 addresses multiple vulnerabilities in the Java Runtime Environment (JRE). An additional five fixes that had been previously planned for delivery are in this update. This distribution therefore completes the content for all originally planned fixes to be included in the Java SE Critical Patch Update for February 2013. 

    Both Java applets delivered via web browsers and stand-alone Java applications are affected, however web browsers using the Java plug-in are at particularly high risk.

    The Java plug-in, the Java Deployment Toolkit plug-in, and Java Web Start can be used as attack vectors. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate website and upload a malicious Java applet (a "drive-by download" attack).

    Some vulnerabilities affect stand-alone Java applications, depending on how the Java application functions and how it processes untrusted data.

    Reports indicate that at least one of these vulnerabilities is being actively exploited.

    Impact

    By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process.

    Stand-alone java applications may also be affected.

    Solution

    Update Java

    The Oracle Java SE Critical Patch Update Advisory Update for February 2013 states that Java 7 Update 15 and Java 6 Update 41 address these vulnerabilities.

    Disable Java in web browsers

    These and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates have been installed. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.

    Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:

    For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.

    If you are unable to update to at least Java 7 Update 10, please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.

    Restrict access to Java applets

    Network administrators unable to disable Java in web browsers may be able to help mitigate these and other Java vulnerabilities by restricting access to Java applets using a web proxy. Most web proxies have features that can be used to block or whitelist requests for .jar and .class files based on network location. Filtering requests that contain a Java User-Agent header may also be effective. For environments where Java is required on the local intranet, the proxy can be configured to allow access to Java applets hosted locally, but block access to Java applets on the internet.

    References

    Revision History

    • February 20, 2013: Initial release

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-043B: Microsoft Updates for Multiple Vulnerabilities
    Original release date: February 12, 2013

    Systems Affected

    • Microsoft Windows
    • Microsoft Internet Explorer
    • Microsoft Office
    • Microsoft Server Software
    • Microsoft .NET Framework

    Overview

    Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

    Description

    The Microsoft Security Bulletin Summary for February 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply Updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

    References

    Revision History

    • February 12, 2013: Initial release

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-043A: Adobe Updates for Multiple Vulnerabilities
    Original release date: February 12, 2013

    Systems Affected

    • Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh
    • Adobe Flash Player 11.2.202.262 and earlier versions for Linux
    • Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x
    • Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x
    • Adobe AIR 3.5.0.1060 and earlier versions
    • Adobe AIR 3.5.0.1060 SDK and earlier versions
    • Adobe Shockwave Player 11.6.8.638 and earlier versions for Windows and Macintosh

    Overview

    Select Adobe software products contain multiple vulnerabilities. Adobe has released updates to address these vulnerabilities.

    Description

    Adobe Security Bulletin APSB13-05 and APSB13-06 describe multiple vulnerabilities in Adobe software. Adobe has released updates to address the vulnerabilities.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply Updates

    Adobe has provided updates for these vulnerabilities in Adobe Security Bulletin APSB13-05 and APSB13-06.

    References

    Revision History

    • February 12, 2013: Initial release

    This product is provided subject to this Notification and this Privacy & Use policy.
  • TA13-032A: Oracle Java Multiple Vulnerabilities
    Original release date: February 01, 2013 | Last revised: February 06, 2013

    Systems Affected

    Any system using Oracle Java including

    • JDK and JRE 7 Update 11 and earlier
    • JDK and JRE 6 Update 38 and earlier
    • JDK and JRE 5.0 Update 38 and earlier
    • SDK and JRE 1.4.2_40 and earlier
    • JavaFX 2.2.4 and earlier
    • Java 1.6.0_37 and earlier for Mac OS X and OS X Server 10.6.8

    Web browsers using the Java plug-in are at high risk.

    Overview

    Multiple vulnerabilities in Java could allow an attacker to execute arbitrary code on a vulnerable system.

    Description

    The Oracle Java SE Critical Patch Update Advisory for February 2013 addresses multiple vulnerabilities in the Java Runtime Environment (JRE). Both Java applets delivered via web browsers and stand-alone Java applications are affected, however web browsers using the Java plug-in are at particularly high risk.

    The Java plug-in, the Java Deployment Toolkit plug-in, and Java Web Start can be used as attack vectors. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).

    Some vulnerabilities affect stand-alone Java applications, depending on how the Java application functions and how it processes untrusted data.

    Reports indicate that at least one of these vulnerabilities is being actively exploited.

    Further technical details are available in Vulnerability Note VU#858729.

    Impact

    By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process.

    Stand-alone java applications may also be affected.

    Solution

    Update Java

    The Oracle Java SE Critical Patch Update Advisory for February 2013 states that Java 7 Update 13 and Java 6 Update 39 address these vulnerabilities.

    Disable Java in web browsers

    These and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates have been installed. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.

    Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:

    For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.

    If you are unable to update to Java 7 Update 13 please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.

    Restrict access to Java applets

    Network administrators unable to disable Java in web browsers may be able to help mitigate these and other Java vulnerabilities by restricting access to Java applets using a web proxy. Most web proxies have features that can be used to block or whitelist requests for .jar and .class files based on network location. Filtering requests that contain a Java User-Agent header may also be effective. For environments where Java is required on the local intranet, the proxy can be configured to allow access to Java applets hosted locally, but block access to Java applets on the internet.

    References

    Revision History

    • February 01, 2013: Initial release
    • February 05, 2013: Updated affected Java versions

    This product is provided subject to this Notification and this Privacy & Use policy.