Re: Security-Assessment.com Advisory: Oracle JRE -

看板Bugtraq作者lcamtuf.時間15年前 (2010/10/21 06:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/3 (看更多)

> Security-Assessment.com follows responsible disclosure > and promptly contacted Oracle after discovering > the issue. Oracle was contacted on August 1, > 2010. My understanding is that Stefano Di Paola of Minded Security reported this back in April; and further, the feature was a part of reasonably well-documented functionality of Java pretty much ever since: http://download.oracle.com/javase/6/docs/api/java/net/URL.html "Two hosts are considered equivalent if both host names can be resolved into the same IP addresses" This was a pretty horrible design, so it's good to see it gone, though. /mz

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 lcamtuf. 的文章

文章代碼(AID): #1ClsQW_w (Bugtraq)