Mon premier blog

Java Deployment with JNLP and WebStart Mauro Marinilli
Publisher: Sams

The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process. Here is my hello.jnlp file Java Code: . Installing Java 7 on my shiny new MacBook Pro with Retina display made all Java Web Start programs look absolutely crap by doing some not-too-fancy scaling on the graphics. Actually, there is no tutorial for creating a JNLP file, just a vague example. We hav a JNLP configuration where versioning is enabled ie: . And we are using version numbers of each jar eg: security: Validating cached jar url=http://servername/lib/project_V2.5.7.1.jar ffile=C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache\6.0\10\57344cca-719709af-2.5.7.1- com.sun.deploy.cache. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available. Hi I have a problem with Java Webstart. Further technical details are available in Vulnerability Impact. Anyone who has deployed any large application using Java Web Start 1.5 or 1.6 over a slow WAN or through some kind of SSL proxy has noticed the extreme number of connections that can be initiated during application startup.