Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Sun JDK/JRE: Multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | GLSA-200804-20 | First vendor Publication | 2008-04-17 |
| Vendor | Gentoo | Last vendor Modification | 2008-04-17 |
| Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). Background Description * Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655). * Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, * The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191). * Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187). * CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196). * Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689). * Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, * Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238). * Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239). * Giorgio Maone discovered that warnings for untrusted code can be hidden under applications' windows (CVE-2007-5240). * Fujitsu reported two security issues where security restrictions of web applets and applications were not properly enforced (CVE-2008-1185, CVE-2008-1186). * John Heasman of NGSSoftware discovered that the Java Plug-in does not properly enforce the same origin policy (CVE-2008-1192). * Chris Evans of the Google Security Team discovered multiple unspecified vulnerabilities within the Java Runtime Environment Image Parsing Library (CVE-2008-1193, CVE-2008-1194). * Gregory Fleischer reported that web content fetched via the "jar:" * Chris Evans and Johannes Henkel of the Google Security Team reported that the XML parsing code retrieves external entities even when that feature is disabled (CVE-2008-0628). * Multiple unspecified vulnerabilities might allow for escalation of privileges (CVE-2008-0657). Impact Workaround Resolution All Sun JDK users should upgrade to the latest version: All emul-linux-x86-java users should upgrade to the latest version: References Availability http://security.gentoo.org/glsa/glsa-200804-20.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-200804-20.xml |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-201 | External Entity Attack |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 58 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 21 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11 % | CWE-254 | Security Features |
| 5 % | CWE-399 | Resource Management Errors |
| 5 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:21711 | |||
| Oval ID: | oval:org.mitre.oval:def:21711 | ||
| Title: | ELSA-2007:0817: java-1.4.2-ibm security update (Critical) | ||
| Description: | The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2007:0817-01 CVE-2007-2435 CVE-2007-2788 CVE-2007-2789 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21767 | |||
| Oval ID: | oval:org.mitre.oval:def:21767 | ||
| Title: | ELSA-2008:0555: java-1.4.2-ibm security update (Critical) | ||
| Description: | Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0555-01 CVE-2008-1187 CVE-2008-1196 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21783 | |||
| Oval ID: | oval:org.mitre.oval:def:21783 | ||
| Title: | ELSA-2007:0963: java-1.5.0-sun security update (Important) | ||
| Description: | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2007:0963-01 CVE-2007-5232 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274 CVE-2007-5689 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22027 | |||
| Oval ID: | oval:org.mitre.oval:def:22027 | ||
| Title: | ELSA-2008:0243: java-1.4.2-bea security update (Moderate) | ||
| Description: | Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0243-01 CVE-2008-1187 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-bea |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22181 | |||
| Oval ID: | oval:org.mitre.oval:def:22181 | ||
| Title: | ELSA-2008:0245: java-1.6.0-bea security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0245-01 CVE-2008-0628 CVE-2008-1187 CVE-2008-1193 CVE-2008-1194 | Version: | 21 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-bea |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22301 | |||
| Oval ID: | oval:org.mitre.oval:def:22301 | ||
| Title: | ELSA-2008:0100: java-1.4.2-bea security update (Moderate) | ||
| Description: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0100-01 CVE-2007-4381 CVE-2007-2788 CVE-2007-2789 CVE-2007-3698 CVE-2007-5232 CVE-2007-5240 CVE-2007-5273 CVE-2007-5239 | Version: | 37 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-bea |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22548 | |||
| Oval ID: | oval:org.mitre.oval:def:22548 | ||
| Title: | ELSA-2007:1041: java-1.5.0-ibm security update (Important) | ||
| Description: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2007:1041-01 CVE-2007-5232 CVE-2007-5238 CVE-2007-5240 CVE-2007-5239 CVE-2007-5273 CVE-2007-5274 | Version: | 29 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22586 | |||
| Oval ID: | oval:org.mitre.oval:def:22586 | ||
| Title: | ELSA-2008:0123: java-1.5.0-sun security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0123-01 CVE-2008-0657 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22691 | |||
| Oval ID: | oval:org.mitre.oval:def:22691 | ||
| Title: | ELSA-2008:0156: java-1.5.0-bea security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0156-02 CVE-2007-5232 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2008-0657 | Version: | 25 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-bea |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22712 | |||
| Oval ID: | oval:org.mitre.oval:def:22712 | ||
| Title: | ELSA-2008:0244: java-1.5.0-bea security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0244-01 CVE-2008-1187 CVE-2008-1193 CVE-2008-1194 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-bea |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9585 | |||
| Oval ID: | oval:org.mitre.oval:def:9585 | ||
| Title: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." | ||
| Description: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-1186 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9672 | |||
| Oval ID: | oval:org.mitre.oval:def:9672 | ||
| Title: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." | ||
| Description: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-1185 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9847 | |||
| Oval ID: | oval:org.mitre.oval:def:9847 | ||
| Title: | The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | ||
| Description: | The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-0628 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9898 | |||
| Oval ID: | oval:org.mitre.oval:def:9898 | ||
| Title: | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | ||
| Description: | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-5689 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm1.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm3.nasl |
| 2009-10-13 | Name : SLES10: Security update for Sun Java File : nvt/sles10_java-1_4_2-sun1.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.5.0 File : nvt/sles10_java-1_5_0-ibm4.nasl |
| 2009-10-13 | Name : SLES10: Security update for epiphany File : nvt/sles10_mozilla-xulrunn.nasl |
| 2009-10-10 | Name : SLES9: Security update for Sun Java 2 File : nvt/sles9p5020427.nasl |
| 2009-10-10 | Name : SLES9: Security update for Java 2 File : nvt/sles9p5015291.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5015890.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK File : nvt/sles9p5021818.nasl |
| 2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5022953.nasl |
| 2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5023078.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java 5 and JRE File : nvt/sles9p5023460.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java 2 JRE and SDK File : nvt/sles9p5023603.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5033560.nasl |
| 2009-05-05 | Name : HP-UX Update for Java JRE and JDK HPSBUX02284 File : nvt/gb_hp_ux_HPSBUX02284.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_080.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-592-1 File : nvt/gb_ubuntu_USN_592_1.nasl |
| 2009-03-06 | Name : RedHat Update for IBMJava2 RHSA-2008:0133-01 File : nvt/gb_RHSA-2008_0133-01_IBMJava2.nasl |
| 2009-01-28 | Name : SuSE Update for IBM Java SUSE-SA:2007:056 File : nvt/gb_suse_2007_056.nasl |
| 2009-01-28 | Name : SuSE Update for Sun Java SUSE-SA:2007:055 File : nvt/gb_suse_2007_055.nasl |
| 2009-01-28 | Name : SuSE Update for IBM Java, Sun Java SUSE-SA:2007:045 File : nvt/gb_suse_2007_045.nasl |
| 2009-01-23 | Name : SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008... File : nvt/gb_suse_2008_025.nasl |
| 2009-01-23 | Name : SuSE Update for MozillaFirefox SUSE-SA:2008:019 File : nvt/gb_suse_2008_019.nasl |
| 2009-01-23 | Name : SuSE Update for Sun Java SUSE-SA:2008:018 File : nvt/gb_suse_2008_018.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin) File : nvt/glsa_200806_11.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin) File : nvt/glsa_200804_28.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86... File : nvt/glsa_200804_20.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin) File : nvt/glsa_200709_15.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200706-08 (emul-linux-x86-java) File : nvt/glsa_200706_08.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-23 (sun-jdk,sun-jre-bin) File : nvt/glsa_200705_23.nasl |
| 2008-09-04 | Name : FreeBSD Ports: jdk File : nvt/freebsd_jdk1.nasl |
| 2008-06-17 | Name : Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Lin) File : nvt/mozilla_CB-A08-0017.nasl |
| 2008-06-17 | Name : Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Win) File : nvt/smbcl_mozilla.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 45527 | Sun Java JDK / JRE Outbound Connection DNS Rebinding Security Bypass |
| 42602 | Sun Java Web Start Application JNLP File Handling Overflow (6660121) |
| 42601 | Sun Java JRE JavaScript Arbitrary Java API Access Java JRE/JDK contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a Java applet is able to access arbitrary network services via unspecified vectors in the Java API. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 42600 | Sun Java JRE Color Management Library Applet Handling sun.awt.color.CMM.cmmCo... |
| 42599 | Sun Java JRE Color Management Library SpCurveToPublic Overflow DoS |
| 42598 | Sun Java JRE Image Parsing Library Applet Privilege Escalation (6633278) |
| 42597 | Sun Java Plug-in Applet Handling Policy Bypass Privilege Escalation (6608712) |
| 42596 | Sun Java Web Start Untrusted Application Unspecified Privilege Escalation (66... |
| 42595 | Sun Java Web Start Untrusted Application Unspecified Privilege Escalation (66... |
| 42594 | Sun Java Web Start useEncodingDecl() Function XML Header Parsing Overflow |
| 42593 | Sun Java Web Start Unspecified Application Handling Overflow (6605187) |
| 42592 | Sun Java Web Start Unspecified Application Handling Overflow (6605184) |
| 42591 | Sun Java JRE XSLT Transformation Processing Privilege Escalation |
| 42590 | Sun Java Runtime Environment Virtual Machine Untrusted Applet Privilege Escal... |
| 42589 | Sun Java Runtime Environment Virtual Machine Untrusted Applet Privilege Escal... |
| 41147 | Sun Java JDK / JRE Unspecified Applet Handling Privilege Escalation (6529591) |
| 41146 | Sun Java JDK / JRE Unspecified Applet Handling Privilege Escalation (6529590) |
| 40931 | Sun Java Runtime Environment External XML Entities Restriction Bypass |
| 40834 | Sun Java JDK / JRE Java Virtual Machine (JVM) Unspecified Applet Privilege Es... |
| 37765 | Sun Java JDK / JRE Applet Outbound DNS Rebinding Issue |
| 37763 | Sun Java JDK / JRE Untrusted Application Arbitrary File Manipulation |
| 37762 | Sun Java JDK / JRE Multiple Unspecified Information Disclosure |
| 37761 | Sun Java JDK / JRE Local Drag-and-drop Operation Access Restriction Bypass |
| 37760 | Sun Java JDK / JRE Untrusted Applet Warning Banner Display Bypass |
| 37759 | Sun Java JDK / JRE LiveConnect API DNS Rebinding Security Bypass |
| 37756 | Sun Java Web Start javaws.exe JNLP File Processing codebase Attribute Overflow |
| 36200 | Sun Java JDK BMP Parsing Remote Privilege Escalation |
| 36199 | Sun Java JDK Embedded ICC Profile Image Parser Overflow |
| 35483 | Sun Java Web Start JNLP File Unspecified Privilege Escalation |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-03-31 | Oracle Java WebStart JNLP stack buffer overflow attempt RuleID : 33588 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Oracle JDK image parsing library ICC buffer overflow attempt RuleID : 17727 - Revision : 14 - Type : FILE-OTHER |
| 2014-01-10 | Sun JDK image parsing library ICC buffer overflow attempt RuleID : 15328 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Web Start xml encoding buffer overflow attempt RuleID : 15081 - Revision : 14 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that may be prone to a buffer overflo... File : sun_java_webstart_jnlp_overflow_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_233321_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by privilege escalat... File : sun_java_jre_231261_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by a security bypass... File : sun_java_jre_231246_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_103079_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by several vulnerabi... File : sun_java_jre_102934_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by a privilege escal... File : sun_java_jre_102881_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1086.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0245.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0818.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0267.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080114_jdk__java__on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071128_jdk__java__on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_java__jdk_1_5_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12142.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12210.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0956.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0244.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0243.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0210.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0555.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0186.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0156.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0132.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0123.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0100.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1041.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0963.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0829.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0817.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-080.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel7.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_10_5_update2.nasl - Type : ACT_GATHER_INFO |
| 2008-08-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-5465.nasl - Type : ACT_GATHER_INFO |
| 2008-06-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200806-11.nasl - Type : ACT_GATHER_INFO |
| 2008-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0133.nasl - Type : ACT_GATHER_INFO |
| 2008-04-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-28.nasl - Type : ACT_GATHER_INFO |
| 2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-5182.nasl - Type : ACT_GATHER_INFO |
| 2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5183.nasl - Type : ACT_GATHER_INFO |
| 2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5158.nasl - Type : ACT_GATHER_INFO |
| 2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner-5163.nasl - Type : ACT_GATHER_INFO |
| 2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5167.nasl - Type : ACT_GATHER_INFO |
| 2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO |
| 2008-04-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner-5164.nasl - Type : ACT_GATHER_INFO |
| 2008-04-11 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5153.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5132.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5133.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5131.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-5130.nasl - Type : ACT_GATHER_INFO |
| 2008-04-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5134.nasl - Type : ACT_GATHER_INFO |
| 2008-03-31 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5135.nasl - Type : ACT_GATHER_INFO |
| 2008-03-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-592-1.nasl - Type : ACT_GATHER_INFO |
| 2008-03-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
| 2008-03-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
| 2008-03-26 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_119.nasl - Type : ACT_GATHER_INFO |
| 2008-03-26 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20013.nasl - Type : ACT_GATHER_INFO |
| 2008-03-06 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_233321.nasl - Type : ACT_GATHER_INFO |
| 2008-03-04 | Name : The remote Windows host has an application that is affected by privilege esca... File : sun_java_jre_231261.nasl - Type : ACT_GATHER_INFO |
| 2008-02-01 | Name : The remote Windows host has an application that is affected by a security byp... File : sun_java_jre_231246.nasl - Type : ACT_GATHER_INFO |
| 2007-12-17 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-3844.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-4533.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-4544.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-4687.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-4542.nasl - Type : ACT_GATHER_INFO |
| 2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-4527.nasl - Type : ACT_GATHER_INFO |
| 2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-4525.nasl - Type : ACT_GATHER_INFO |
| 2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-4536.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-3832.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-3843.nasl - Type : ACT_GATHER_INFO |
| 2007-10-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c93e4d4175c511dcb9030016179b2dd5.nasl - Type : ACT_GATHER_INFO |
| 2007-10-05 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_103079.nasl - Type : ACT_GATHER_INFO |
| 2007-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-15.nasl - Type : ACT_GATHER_INFO |
| 2007-07-10 | Name : The remote Windows host has an application that may be prone to a buffer over... File : sun_java_webstart_jnlp_overflow.nasl - Type : ACT_GATHER_INFO |
| 2007-06-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200706-08.nasl - Type : ACT_GATHER_INFO |
| 2007-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-23.nasl - Type : ACT_GATHER_INFO |
| 2007-06-02 | Name : The remote Windows host has an application that is affected by several vulner... File : sun_java_jre_102934.nasl - Type : ACT_GATHER_INFO |
| 2007-05-02 | Name : The remote Windows host has an application that is affected by a privilege es... File : sun_java_jre_102881.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:35:46 |
|
