HTTPS SSH

Welcome to the Java Exploit Library

We are collecting illustrating examples for past exploits of Java and the JCL.

Covered Exploits

CVE-ID short description native? attack scheme affected versions
CVE-2012-4681 uses ClassFinder no Confused Deputy 7u0-6
CVE-2013-0422 uses MBeanInstantiator no Confused Deputy 6u0-39 & 7u0-13
CVE-2013-2460 uses MethodHandles.Lookup no Confused Deputy 7u<=21 6u<=45 5u<=45
CVE-2013-2463 yes
CVE-2013-2465 yes

Acknowledgments

EC SPRIDE

This work is supported by the German Ministry of Research and Education (BMBF) within EC SPRIDE.