Tagged Questions
0 votes, 4 answers, 132 views
Is there a need to define “language safety”?
Language safety is not clearly defined while there are warnings about, for instance, Java. So how can you say that language is not safe while language safety is not clearly defined? If Java is unsafe ...
1 vote, 2 answers, 2k views
How does Java 7 update 11 fix the security vulnerability?
There is a new Java released a couple days ago to resolve a hole that was recently discovered.
(Oracle, US-CERT, NVD/NIST)
In my initial reading about this update 11, I saw clearly where it by ...
21 votes, 3 answers, 2k views
Should I be disabling Java?
First it was Apple, now it's the US government...
U.S. urges users to disable Java; Apple disables some remotely
New malware exploiting Java 7 in Windows and Unix systems
How serious is this ...
4 votes, 1 answer, 111 views
Security announcement mailing list for Java
I didn't find a security announcement mailing list for Java (from Oracle). How to get notified about new Java patches? I am not interested in other Oracle products.
For example Apple provides such a ...
3 votes, 1 answer, 443 views
Are OpenJDK and non-Windows systems vulnerable to the Sept. 25th 2012 Java vulnerability?
I have heard of this vulnerability, but although it was announced on the Full Disclosure list, it does not provide any details (other than a severity assessment). Does anyone have more info than me, ...
-4 votes, 1 answer, 307 views
Exploiting Tomcat's vulnerability CVE-2009-2693 Arbitrary file deletion and/or alteration on deploy [closed]
For some tests, I want to exploit Tomcat 6 vulnerability CVE-2009-2693. You can see it here http://tomcat.apache.org/security-6.html
I am trying this with insecure web application of OWASP. I made ...
4 votes, 3 answers, 288 views
Vulnerable java applications
I am looking for some open source/free vulnerable Java-based applications. It can be a web application, desktop application or any other. I need them to do some experiments in my research work. They ...
22 votes, 6 answers, 302 views
How to keep an eye on upgrades, patches and security issues for used open-source libraries?
For a project with many open-source libraries as a part of it, I began to search for information sources concerning all upgrades and security issues. The kind of sources I gathered are either ...