SHARE
CORE IMPACT v12 - Exploits Update (Thu Feb 02 2012)
Oracle Java SSL Chosen Plain Text Exploit
Exploits/Tools [Windows]
Thu Feb 02 2012
The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack on an HTTPS session. This module attacks the SSLv3 implementation in the Oracle Java Runtime Enviroment. The module is capable of obtaining encrypted cookies from browsers running the affected Java Runtimes.
Exploits Vulnerabiltiy: CVE-2011-3389