JNLP Injection Exploit?

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
Posts: 5
Joined: 14 Feb 2022, 17:28

JNLP Injection Exploit?

Post by Bill_V »

Is OpenWebStart vulnerable to the exploit(s) detailed here: https://cybir.com/wp-content/uploads/20 ... elease.pdf
If so, is there a patch coming, or a is there a way to configure it so that it's not vulnerable?
Thanks in advance.

Janak Mulani
Posts: 809
Joined: 24 Mar 2020, 13:37

Re: JNLP Injection Exploit?

Post by Janak Mulani »


We have seen this document earlier.

OWS allows you to specify a server whitelist for downloading jnlp and jars so that you can download signed files jnlp and jars from a trusted server using https.

Post Reply