This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
The hunt is on - 0day for java 1.7u10
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- The hunt is on - 0day for java 1.7u10
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-10-2013 01:21 PM
How many hours/days will it take for:
1) Wildfire customers
2) Regular customers
to get protected by a threat-db update regarding the latest 0day exploit for java 1.7u10 (and possible java 1.6u38) as descibed in:
Malware don't need Coffee: 0 day 1.7u10 spotted in the Wild - Disable Java Plugin NOW !
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
http://www.cert.se/sarbarheter/sr/sr13-006-oracle-0-day-i-java
?
1 ACCEPTED SOLUTION
Accepted Solutions
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-11-2013 11:11 AM
Hello,
Content version 349 was just released with the following CVEs:
CVE-2013-0422
CVE-2013-0422
CVE-2012-1530
CVE-2013-0603
CVE-2013-0604
CVE-2013-0621
CVE-2013-0622
CVE-2013-0623
CVE-2013-0626
CVE-2013-0624
The content release is referring to Java JRE and Adobe Reader vulnerabilities, and may reference the 0-day vulnerability you mentioned, but only the first of the three sites has any of the current CVEs (and it only has one) so I can't be sure.
Best,
Greg Wesson
14 REPLIES 14
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-11-2013 06:47 AM
As I understand it, Wildfire won't help with the Java vuln per se, but it might help with the payloads delivered by the exploit. Wildfire only works on Windows executable files, correct?
I think it may be pretty hard to sig to the generic vulnerability for this. Most sigs are geared towards formatting idiosyncrasies found within a given exploit kit or even something as simple as the class file names for a specific version of the exploit.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-11-2013 07:36 AM
Hello,
Wildfire can not help you because it can only analyze EXE or DDL file...
In my point of view, only APT vendors (like FireEye, Damballa, etc) can help you...
Regards,
HA
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-11-2013 11:11 AM
Hello,
Content version 349 was just released with the following CVEs:
CVE-2013-0422
CVE-2013-0422
CVE-2012-1530
CVE-2013-0603
CVE-2013-0604
CVE-2013-0621
CVE-2013-0622
CVE-2013-0623
CVE-2013-0626
CVE-2013-0624
The content release is referring to Java JRE and Adobe Reader vulnerabilities, and may reference the 0-day vulnerability you mentioned, but only the first of the three sites has any of the current CVEs (and it only has one) so I can't be sure.
Best,
Greg Wesson
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-11-2013 12:24 PM
Hello
Could you confirm that you are able to download 349 at this moment?
I got email:
"
Announcement:
Now Available - Emergency Content Release 349
created by panagent in Palo
Alto Networks Live - View the announcement
Palo Alto Networks has issued emergency release 349 in response to"
But my PA-200 still reporting that 348 is latest release, also when I logged to PA support page in dynamic updates I cant find 349 relrase.
With regards
Slawek
Related Content
- Looking for some advice on Java Deserialization Protection and Jetbrains IDEA in Cortex XDR Discussions
- Applications hanging on terminal server since Cortex XDR Pro rollout in Cortex XDR Discussions
- Cordex XDR blocking SQL server connection in Cortex XDR Discussions
- CodeMeter protected application error "JVMTI" when using Cortex XDR in Cortex XDR Discussions
- 0day padding oracle exploit on PAN-OS master key decryption? in General Topics
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks