OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: BrownOrifice can break firewalls!
From: TAKAGI, Hiromitsu (takagiETL.GO.JP)
Date: Fri Aug 11 2000 - 15:33:29 CDT

On Thu, 10 Aug 2000 09:04:32 +0200
"Greulich, Andreas" <Andreas.GreulichISB.ADMIN.CH> wrote:
> I am quite surprised about the low echo the newest bug in Netscapes Java
> library (see http://www.brumleve.com/BrownOrifice/) receives. I am quite
> worried about it because I think its impact is much higher than the
> "WWW-server-applet" you find on above page.

This can be verified by trying the following refined proof of concept
Applet.
http://java-house.etl.go.jp/~takagi/java/test/Brumleve-BrownOrifice-modified-netscape.net.URLConnection/Test.html

I have confirmed that Mac OS version is also affected.

Regards, 

--
Hiromitsu Takagi
Electrotechnical Laboratory
http://www.etl.go.jp/~takagi/