Is [Your] Java Exploitable?

Blog Post created by mjc on Mar 30, 2012

There were too big news stories in the Java Exploitation landscape this week:


  1. Blackhole Exploit Kit added an exploit for CVE-2012-0507
  2. Metasploit added exploit for CVE-2012-0507


In order to help users and organization's do a quick field test to see if they are exploitable to these attacks, I crafted a Java version check now available at IsJavaExploitable.com


Here is a screen capture of the version check in action:


Is Java Exploitable.png

Here is a info-graphic I created based on my research which was added as an update to the Krebs blog post:




To test if your machine is exploitable, go to IsJavaExploitable.com. If you need a tool to find vulnerable machines on your network, get the free Nexpose Community Edition vulnerability scanner.