FILE-JAVA -- Snort has detected traffic targeting vulnerabilities that are exploited in java files such as .class or .jar.
FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt
This rule looks for an attempt to exploit a missing primitive type check in Java's AtomicReferenceFieldUpdater. This could allow an untrusted Java application or applet to cause memory corruption and or bypass the Java sandbox.
Affected versions are listed as 5.0u65, 6u75, 7u60, and 8u5.
What To Look For
This event is generated when an attempt to exploit a missing type check in CVE-2014-4262 against Oracle Java.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: Exploitation for Client Execution
For reference, see the MITRE ATT&CK vulnerability types here:
Memory Corruption is any vulnerability that allows the modification of the content of memory locations in a way not intended by the developer. Memory corruption results are inconsistent; they could lead to fatal errors and system crashes or data leakage; some have no effect at all.
CVE Additional Information
CVE-2014-4262Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
||Ease of Access||