Java 0-day Vulnerability

The front page of Slashdot today tells us that another Java 0-day has been found. It works in Metasploit and is being used in the wild. Turn off the Java plugin now! Never turn it back on.

The analysis of this seems to point to the getField function of sun.awt.SunToolkit. See the code below ...

Java CVEs

The main list of CVEs for Java can be found at CVE Details. Some have ended up under Oracle instead of Sun.

If you use Java on a server or on a mobile phone, there are different vulnerabilities. JBoss and Oracle Application Server are two of the most popular J2EE setups.