1. Ben Hermann
  2. Java Exploit Library

Welcome to the Java Exploit Library

We are collecting illustrative examples of past exploits of Java and the Java Class Library (JCL).

Covered Exploits

| CVE-ID | short description | native? | attack scheme | affected versions |
|---|---|---|---|---|
| CVE-2012-4681 | uses ClassFinder | no | Confused Deputy | 7u0-6 |
| CVE-2013-0422 | uses MBeanInstantiator | no | Confused Deputy | 6u0-39 & 7u0-13 |
| CVE-2013-2460 | uses MethodHandles.Lookup | no | Confused Deputy | 7u<=21 6u<=45 5u<=45 |
| CVE-2013-2463 | | yes | | |
| CVE-2013-2465 | | yes | | |

Acknowledgments

EC SPRIDE

This work is supported by the German Ministry of Research and Education (BMBF) within EC SPRIDE.