Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Software | From | Fixed in |
---|---|---|
sun / java | - | 1.6.0.x |
sun / java | 1.6.0 | 1.6.0.x |
sun / java | 1.6.0-01 | 1.6.0-01.x |
sun / java | 1.6.0-02 | 1.6.0-02.x |