Graphics Interchange Format Java Archives (GIFAR) is a term for GIF files combined with the JAR file format. GIFARs could be uploaded to Web sites that allow image uploading, and then run as though they were part of the legitimate code of that site. Java was patched in JRE 6 Update 11, with a CVE published on December 4 2008. A GIFAR allowed an attacker to access the victim's HTTP cookies. This allows session hijacking, where the victim's logged-in user accounts can be accessed. For the attack to work, the victim must be logged into the Web site that is hosting the image.
Attributes | Values |
---|
rdf:type
| |
rdfs:label
| |
rdfs:comment
| - Graphics Interchange Format Java Archives (GIFAR) is a term for GIF files combined with the JAR file format. GIFARs could be uploaded to Web sites that allow image uploading, and then run as though they were part of the legitimate code of that site. Java was patched in JRE 6 Update 11, with a CVE published on December 4 2008. A GIFAR allowed an attacker to access the victim's HTTP cookies. This allows session hijacking, where the victim's logged-in user accounts can be accessed. For the attack to work, the victim must be logged into the Web site that is hosting the image. (en)
|
foaf:depiction
| |
dcterms:subject
| |
Wikipage page ID
| |
Wikipage revision ID
| |
Link from a Wikipage to another Wikipage
| |
Link from a Wikipage to an external page
| |
sameAs
| |
dbp:wikiPageUsesTemplate
| |
thumbnail
| |
colwidth
| |
has abstract
| - Graphics Interchange Format Java Archives (GIFAR) is a term for GIF files combined with the JAR file format. GIFARs could be uploaded to Web sites that allow image uploading, and then run as though they were part of the legitimate code of that site. Java was patched in JRE 6 Update 11, with a CVE published on December 4 2008. In this attack, GIF Java archive files (GIFARs) were uploaded to Web sites on the understanding that they are GIFs, and the file was then interpreted as a JAR file when viewed and executed. This circumvented the same-origin policy that browsers impose; bypassing the content validation usually used. Attackers reference this malicious image in the applet code on the hosted site, establishing cross-domain communication with the (your) target domain. This technique worked because GIF images store their header in the beginning of the file, and JAR files (as with any ZIP archive-based format) store their data at the tail. This attack is not unique to GIFs and JARs; there is a general class of vulnerabilities of file type combinations such as .doc, .jpg, etc. A GIFAR allowed an attacker to access the victim's HTTP cookies. This allows session hijacking, where the victim's logged-in user accounts can be accessed. GIFARs should not have been executed if the user is viewing the image; it had to be interpreted as a JAR not a GIF to run. For the attack to work, the victim must be logged into the Web site that is hosting the image. Any site that includes login sessions with user-uploaded pictures can be vulnerable. (en)
|
gold:hypernym
| |
prov:wasDerivedFrom
| |
page length (characters) of wiki page
| |
foaf:isPrimaryTopicOf
| |
is Link from a Wikipage to another Wikipage
of | |
is Wikipage redirect
of | |
is foaf:primaryTopic
of | |