CVE-2021-35560
📋 TL;DR
This vulnerability in Oracle Java SE 8u301 allows an unauthenticated attacker to potentially compromise Java deployments via network protocols when a user interacts with malicious content. It primarily affects client systems running sandboxed Java Web Start applications or applets that load untrusted code from the internet. Server deployments running only trusted code are not affected.
💻 Affected Systems
- Oracle Java SE
📦 What is this software?
E Series Santricity Os Controller by Netapp
E Series Santricity Storage Manager by Netapp
E Series Santricity Web Services by Netapp
Openjdk by Oracle
⚠️ Risk & Real-World Impact
Worst Case
Complete takeover of the Java SE environment, allowing arbitrary code execution with the privileges of the Java process, potentially leading to full system compromise.
Likely Case
Attackers trick users into running malicious Java Web Start applications or applets, leading to data theft, malware installation, or system manipulation within the Java sandbox.
If Mitigated
If proper controls like network segmentation, application whitelisting, and user awareness training are implemented, the risk is significantly reduced as exploitation requires user interaction.
🎯 Exploit Status
Exploitation requires human interaction (user clicking/running malicious content) and network access via multiple protocols, making it difficult to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Java SE 8u311 or later (check Oracle CPU for exact fixed version)
Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2021.html
Restart Required: Yes
Instructions:
1. Download the latest Java SE 8 update from Oracle.
2. Uninstall the vulnerable version (8u301).
3. Install the patched version.
4. Restart affected systems and applications.
🔧 Temporary Workarounds
Disable Java Web Start and Applets
Prevent execution of untrusted Java content by disabling Java Web Start and applets in browser/Java settings.
For Windows: Use Java Control Panel > Security tab > uncheck 'Enable Java content in browser'
For Linux/macOS: Configure Java security settings to disable applets and Web Start
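As an added example (not part of the advisory), the system-wide Java deployment configuration that disables Java content in the browser on Linux. The file locations below are the documented Linux defaults; the two keys are standard Java deployment properties, and the `.locked` entry stops users from re-enabling the setting from the Java Control Panel. Adjust the paths for macOS or a non-default install before rolling this out.

```properties
# /etc/.java/deployment/deployment.config
# Points every JRE on the host at the mandatory system-level properties file.
deployment.system.config=file:///etc/.java/deployment/deployment.properties
deployment.system.config.mandatory=true

# /etc/.java/deployment/deployment.properties
# Turn off Java content in the browser (applets and Web Start launched from
# the browser plug-in) and lock the value so it cannot be changed per user.
deployment.webjava.enabled=false
deployment.webjava.enabled.locked
```

After writing both files, relaunch the browser and confirm in the Java Control Panel that "Enable Java content in browser" shows as unchecked and greyed out.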
Network Segmentation
Restrict network access to Java deployments and block unnecessary protocols to reduce attack surface.
Use firewall rules to limit inbound/outbound traffic to Java applications
🧯 If You Can't Patch
- Implement application whitelisting to block unauthorized Java applications from running.
- Educate users about the risks of running untrusted Java content and enforce policies against it.
🔍 How to Verify
Check if Vulnerable:
Check Java version with 'java -version' command. If output shows '1.8.0_301', the system is vulnerable.
Check Version:
java -version
Verify Fix Applied:
After patching, run 'java -version' to confirm version is 8u311 or higher.
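The two checks above (vulnerable at 8u301, fixed at 8u311 or later) as one POSIX shell script. This is an added example, not tooling from the advisory: it parses the first banner line of `java -version` (which the JVM writes to stderr) in both the Oracle `java version "..."` and the OpenJDK `openjdk version "..."` forms, and classifies only the Java SE 8 line against the 8u311 threshold the advisory gives; any other version line is reported as "check the Oracle CPU" rather than guessed at. The sample banners in the comments are constructed.

```shell
#!/bin/sh
# Added example: classify the installed Java against the CVE-2021-35560
# fixed level for the Java SE 8 line (8u311). Not part of the advisory.

# Extract the quoted version token from a banner line. Constructed samples:
#   java version "1.8.0_301"        -> 1.8.0_301   (Oracle JDK)
#   openjdk version "1.8.0_312-b07" -> 1.8.0_312-b07 (OpenJDK build)
extract_java_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Exit status: 0 = 8u311 or later (fixed), 1 = earlier 8u build (vulnerable
# per the advisory), 2 = not a 1.8.0_* version, consult the Oracle CPU.
classify_java8_version() {
    ver="$1"
    case "$ver" in
        1.8.0_*) ;;
        *) return 2 ;;
    esac
    update="${ver#1.8.0_}"
    update="${update%%[!0-9]*}"   # drop build suffixes such as -b07
    [ -n "$update" ] || return 2
    if [ "$update" -ge 311 ]; then
        return 0
    else
        return 1
    fi
}

# Query the JVM on the PATH; the banner goes to stderr, hence 2>&1.
check_installed_java() {
    banner=$(java -version 2>&1 | head -n 1)
    ver=$(extract_java_version "$banner")
    classify_java8_version "$ver"
    rc=$?
    case $rc in
        0) echo "java $ver: 8u311 or later, fixed for CVE-2021-35560" ;;
        1) echo "java $ver: below 8u311, vulnerable per the advisory" ;;
        *) echo "java ${ver:-<unparsed>}: not a Java 8 build, check the Oracle CPU" ;;
    esac
    return $rc
}

# Run the check; the script's exit status mirrors the classification so it
# can be used from a fleet inventory job (0 fixed, 1 vulnerable, 2 unknown).
check_installed_java
```

On a host with several JREs, run the check once per installation by prefixing the absolute path (for example the `bin/java` under each JRE directory) instead of relying on `PATH`, since the browser plug-in may use a different JRE than the one found first.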
📡 Detection & Monitoring
Log Indicators:
- Unusual Java Web Start or applet execution logs
- Errors or warnings related to Java deployment security
Network Indicators:
- Suspicious network traffic to/from Java processes on unusual ports
- Multiple protocol attempts to Java deployments
SIEM Query:
source="java.log" AND (event="WebStart" OR event="applet") AND action="execute"
🔗 References
- https://security.netapp.com/advisory/ntap-20211022-0004/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.oracle.com/security-alerts/cpuoct2021.html