Any Java 7 application that accepts serialized objects (RMI, JMX, sockets, HTTP sessions, etc.) is likely exploitable using tools like – which has a full suite of gadgets for Java 7.
is a flaw in the Java AWT library that allowed an untrusted Java applet to elevate privileges. CVE-2017-3289 affected the Java Deployment Toolkit. With Update 80, there is no defense against these except to disable the entire Java browser plugin. java 7 update 80 vulnerabilities
: Patches were implemented to mitigate arbitrary memory read/write vulnerabilities that could otherwise allow remote code execution through malicious applets. CISA (.gov) Known Risks of Staying on Update 80 Any Java 7 application that accepts serialized objects
While primarily associated with Java 15+, the underlying logic of how ECDSA signatures are handled in legacy environments can often be exploited if backported libraries are used. Why Organizations Still Use Java 7u80 With Update 80, there is no defense against