Executive Summary

Informations
NameMDVSA-2011:054First vendor Publication2011-03-27
VendorMandrivaLast vendor Modification2011-03-27
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk:

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader (CVE-2010-4351).

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable (CVE-2010-4450).

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465)

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and backward jsrs. (CVE-2010-4469)

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to Features set on SchemaFactory not inherited by Validator. (CVE-2010-4470)

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text (CVE-2010-4471).

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the XML DSig Transform or C14N algorithm implementations. (CVE-2010-4472)

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308 (CVE-2010-4476).

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are partially signed or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source (CVE-2011-0025).

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of an inappropriate security descriptor. (CVE-2011-0706)

Additionally the java-1.5.0-gcj packages were not rebuilt with the shipped version on GCC for 2009.0 and Enterprise Server 5 which caused problems while building the java-1.6.0-openjdk updates, therefore rebuilt java-1.5.0-gcj packages are being provided with this advisory as well.

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21749
 
Oval ID: oval:org.mitre.oval:def:21749
Title: RHSA-2011:0176: java-1.6.0-openjdk security update (Moderate)
Description: The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
Family: unix Class: patch
Reference(s): RHSA-2011:0176-01
CESA-2011:0176
CVE-2010-3860
CVE-2010-4351
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13410
 
Oval ID: oval:org.mitre.oval:def:13410
Title: USN-1052-1 -- openjdk-6, openjdk-6b18 vulnerability
Description: It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended scurity policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented
Family: unix Class: patch
Reference(s): USN-1052-1
CVE-2010-4351
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): openjdk-6
openjdk-6b18
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13374
 
Oval ID: oval:org.mitre.oval:def:13374
Title: USN-1055-1 -- openjdk-6, openjdk-6b18 vulnerabilities
Description: It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu 10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures except for the armel architecture. This update provides the corresponding update for Ubuntu 10.10 on the armel architecture. Original advisory details: It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended scurity policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented
Family: unix Class: patch
Reference(s): USN-1055-1
CVE-2011-0025
CVE-2010-4351
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): openjdk-6
openjdk-6b18
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22663
 
Oval ID: oval:org.mitre.oval:def:22663
Title: ELSA-2011:0176: java-1.6.0-openjdk security update (Moderate)
Description: The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
Family: unix Class: patch
Reference(s): ELSA-2011:0176-01
CVE-2010-3860
CVE-2010-4351
Version: 13
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27537
 
Oval ID: oval:org.mitre.oval:def:27537
Title: ELSA-2011-0176 -- java-1.6.0-openjdk security update (moderate)
Description: [1:1.6.0.0-1.17.b17.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.17.b17.el5] - Updated to 1.7.7 tarball - Resolves: bz668487 - Also resolves bz668488
Family: unix Class: patch
Reference(s): ELSA-2011-0176
CVE-2010-3860
CVE-2010-4351
Version: 2
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19857
 
Oval ID: oval:org.mitre.oval:def:19857
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4448
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14045
 
Oval ID: oval:org.mitre.oval:def:14045
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
Family: windows Class: vulnerability
Reference(s): CVE-2010-4448
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12906
 
Oval ID: oval:org.mitre.oval:def:12906
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4448
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19776
 
Oval ID: oval:org.mitre.oval:def:19776
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4450
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14135
 
Oval ID: oval:org.mitre.oval:def:14135
Title: DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4450
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12420
 
Oval ID: oval:org.mitre.oval:def:12420
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4450
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20580
 
Oval ID: oval:org.mitre.oval:def:20580
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4465
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14034
 
Oval ID: oval:org.mitre.oval:def:14034
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
Family: windows Class: vulnerability
Reference(s): CVE-2010-4465
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12925
 
Oval ID: oval:org.mitre.oval:def:12925
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4465
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20543
 
Oval ID: oval:org.mitre.oval:def:20543
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4469
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13639
 
Oval ID: oval:org.mitre.oval:def:13639
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
Family: windows Class: vulnerability
Reference(s): CVE-2010-4469
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12833
 
Oval ID: oval:org.mitre.oval:def:12833
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4469
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19986
 
Oval ID: oval:org.mitre.oval:def:19986
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4470
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14076
 
Oval ID: oval:org.mitre.oval:def:14076
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."
Family: windows Class: vulnerability
Reference(s): CVE-2010-4470
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12887
 
Oval ID: oval:org.mitre.oval:def:12887
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4470
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20243
 
Oval ID: oval:org.mitre.oval:def:20243
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4471
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14417
 
Oval ID: oval:org.mitre.oval:def:14417
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4471
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12089
 
Oval ID: oval:org.mitre.oval:def:12089
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4471
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21931
 
Oval ID: oval:org.mitre.oval:def:21931
Title: RHSA-2011:0281: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Family: unix Class: patch
Reference(s): RHSA-2011:0281-01
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4472
Version: 81
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20565
 
Oval ID: oval:org.mitre.oval:def:20565
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4472
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14118
 
Oval ID: oval:org.mitre.oval:def:14118
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Family: windows Class: vulnerability
Reference(s): CVE-2010-4472
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12903
 
Oval ID: oval:org.mitre.oval:def:12903
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4472
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22845
 
Oval ID: oval:org.mitre.oval:def:22845
Title: ELSA-2011:0281: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Family: unix Class: patch
Reference(s): ELSA-2011:0281-01
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4472
Version: 29
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27966
 
Oval ID: oval:org.mitre.oval:def:27966
Title: ELSA-2011-0281 -- java-1.6.0-openjdk security update (important)
Description: [1.6.0.0-1.39.b17] - respin of IcedTea6 1.7.10 - Resolves: rhbz#676276 [1.6.0.0-1.37.b17] - Updated to IcedTea6 1.7.10 - Resolves: rhbz#676276
Family: unix Class: patch
Reference(s): ELSA-2011-0281
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4472
Version: 2
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21907
 
Oval ID: oval:org.mitre.oval:def:21907
Title: RHSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0292-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21859
 
Oval ID: oval:org.mitre.oval:def:21859
Title: RHSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 250
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21809
 
Oval ID: oval:org.mitre.oval:def:21809
Title: RHSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0291-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21713
 
Oval ID: oval:org.mitre.oval:def:21713
Title: RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0214-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21420
 
Oval ID: oval:org.mitre.oval:def:21420
Title: RHSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0336-01
CESA-2011:0336
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21273
 
Oval ID: oval:org.mitre.oval:def:21273
Title: RHSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0290-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20649
 
Oval ID: oval:org.mitre.oval:def:20649
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19493
 
Oval ID: oval:org.mitre.oval:def:19493
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14589
 
Oval ID: oval:org.mitre.oval:def:14589
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14328
 
Oval ID: oval:org.mitre.oval:def:14328
Title: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4476
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12879
 
Oval ID: oval:org.mitre.oval:def:12879
Title: DSA-2161-1 openjdk-6 -- denial of service
Description: It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
Family: unix Class: patch
Reference(s): DSA-2161-1
CVE-2010-4476
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12745
 
Oval ID: oval:org.mitre.oval:def:12745
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12662
 
Oval ID: oval:org.mitre.oval:def:12662
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23615
 
Oval ID: oval:org.mitre.oval:def:23615
Title: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 81
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23595
 
Oval ID: oval:org.mitre.oval:def:23595
Title: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23406
 
Oval ID: oval:org.mitre.oval:def:23406
Title: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23319
 
Oval ID: oval:org.mitre.oval:def:23319
Title: ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0214-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22977
 
Oval ID: oval:org.mitre.oval:def:22977
Title: ELSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0336-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22908
 
Oval ID: oval:org.mitre.oval:def:22908
Title: DEPRECATED: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22836
 
Oval ID: oval:org.mitre.oval:def:22836
Title: DEPRECATED: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22826
 
Oval ID: oval:org.mitre.oval:def:22826
Title: ELSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0292-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22673
 
Oval ID: oval:org.mitre.oval:def:22673
Title: DEPRECATED: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 82
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28054
 
Oval ID: oval:org.mitre.oval:def:28054
Title: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate)
Description: [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295
Family: unix Class: patch
Reference(s): ELSA-2011-0214
CVE-2010-4476
Version: 2
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27948
 
Oval ID: oval:org.mitre.oval:def:27948
Title: ELSA-2011-0336 -- tomcat5 security update (important)
Description: [0:5.5.23-0jpp.17] - Resolves: rhbz 674599 JDK Double.parseDouble DoS
Family: unix Class: patch
Reference(s): ELSA-2011-0336
CVE-2010-4476
Version: 2
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14117
 
Oval ID: oval:org.mitre.oval:def:14117
Title: The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Description: The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0706
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13733
 
Oval ID: oval:org.mitre.oval:def:13733
Title: USN-1079-2 -- openjdk-6b18 vulnerabilities
Description: USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel architectures. In order to build the armel OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates. Original advisory details: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor
Family: unix Class: patch
Reference(s): USN-1079-2
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4476
CVE-2011-0706
Version: 5
Platform(s): Ubuntu 9.10
Ubuntu 10.04
Product(s): openjdk-6b18
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13407
 
Oval ID: oval:org.mitre.oval:def:13407
Title: USN-1079-3 -- openjdk-6b18 vulnerabilities
Description: USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel architectures for Ubuntu 10.10. Original advisory details: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor
Family: unix Class: patch
Reference(s): USN-1079-3
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4476
CVE-2011-0706
Version: 5
Platform(s): Ubuntu 10.10
Product(s): openjdk-6b18
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13241
 
Oval ID: oval:org.mitre.oval:def:13241
Title: USN-1079-1 -- openjdk-6 vulnerabilities
Description: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor
Family: unix Class: patch
Reference(s): USN-1079-1
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4476
CVE-2011-0706
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13043
 
Oval ID: oval:org.mitre.oval:def:13043
Title: DSA-2224-1 openjdk-6 -- several
Description: Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform. CVE-2010-4351 The JNLP SecurityManager returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. CVE-2010-4448 Malicious applets can perform DNS cache poisoning. CVE-2010-4450 An empty LD_LIBRARY_PATH environment variable results in a misconstructed library search path, resulting in code execution from possibly untrusted sources. CVE-2010-4465 Malicious applets can extend their privileges by abusing Swing timers. CVE-2010-4469 The Hotspot just-in-time compiler miscompiles crafted byte sequences, resulting in heap corruption. CVE-2010-4470 JAXP can be exploited by untrusted code to elevate privileges. CVE-2010-4471 Java2D can be exploited by untrusted code to elevate privileges. CVE-2010-4472 Untrusted code can replace the XML DSIG implementation. CVE-2011-0025 Signatures on JAR files are not properly verified, which allows remote attackers to trick users into executing code that appears to come from a trusted source. CVE-2011-0706 The JNLPClassLoader class allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor In addition, this security update contains stability fixes, such as switching to the recommended Hotspot version for this particular version of OpenJDK.
Family: unix Class: patch
Reference(s): DSA-2224-1
CVE-2010-4351
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2011-0025
CVE-2011-0706
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openjdk-6
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application18
Application3
Application51
Application81
Application30

OpenVAS Exploits

DateDescription
2012-07-30Name : CentOS Update for java CESA-2011:0176 centos5 x86_64
File : nvt/gb_CESA-2011_0176_java_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for java CESA-2011:0214 centos5 x86_64
File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for java CESA-2011:0281 centos5 x86_64
File : nvt/gb_CESA-2011_0281_java_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl
2012-06-06Name : RedHat Update for tomcat6 RHSA-2011:0335-01
File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl
2012-03-15Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201111_02.nasl
2011-10-21Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638
File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl
2011-08-29Name : Java for Mac OS X 10.5 Update 9
File : nvt/secpod_macosx_java_10_5_upd_9.nasl
2011-08-29Name : Java for Mac OS X 10.6 Update 4
File : nvt/secpod_macosx_java_10_6_upd_4.nasl
2011-08-12Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523
File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl
2011-08-09Name : CentOS Update for java CESA-2011:0176 centos5 i386
File : nvt/gb_CESA-2011_0176_java_centos5_i386.nasl
2011-08-09Name : CentOS Update for java CESA-2011:0214 centos5 i386
File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl
2011-08-09Name : CentOS Update for java CESA-2011:0281 centos5 i386
File : nvt/gb_CESA-2011_0281_java_centos5_i386.nasl
2011-08-09Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl
2011-06-20Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003
File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl
2011-06-20Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020
File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl
2011-06-06Name : HP-UX Update for Java HPSBUX02685
File : nvt/gb_hp_ux_HPSBUX02685.nasl
2011-05-12Name : Debian Security Advisory DSA 2224-1 (openjdk-6)
File : nvt/deb_2224_1.nasl
2011-05-05Name : HP-UX Update for Apache Web Server HPSBUX02645
File : nvt/gb_hp_ux_HPSBUX02645.nasl
2011-04-01Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2011_054.nasl
2011-03-15Name : RedHat Update for tomcat5 RHSA-2011:0336-01
File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl
2011-03-07Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
File : nvt/gb_ubuntu_USN_1079_1.nasl
2011-03-07Name : Debian Security Advisory DSA 2161-1 (openjdk-6)
File : nvt/deb_2161_1.nasl
2011-03-07Name : Debian Security Advisory DSA 2161-2 (openjdk-6)
File : nvt/deb_2161_2.nasl
2011-02-28Name : Oracle Java SE Code Execution Vulnerabilities (Windows)
File : nvt/secpod_oracle_java_mult_code_exec_vuln_win.nasl
2011-02-28Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_java_mult_unspecified_vuln_win.nasl
2011-02-28Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl
2011-02-28Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010
File : nvt/gb_suse_2011_010.nasl
2011-02-18Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01
File : nvt/gb_RHSA-2011_0281-01_java-1.6.0-openjdk.nasl
2011-02-18Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631
File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl
2011-02-18Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645
File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl
2011-02-16Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231
File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl
2011-02-16Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263
File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl
2011-02-11Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01
File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl
2011-02-04Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1055-1
File : nvt/gb_ubuntu_USN_1055_1.nasl
2011-01-31Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerability USN-1052-1
File : nvt/gb_ubuntu_USN_1052_1.nasl
2011-01-31Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0176-01
File : nvt/gb_RHSA-2011_0176-01_java-1.6.0-openjdk.nasl
2011-01-21Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0500
File : nvt/gb_fedora_2011_0500_java-1.6.0-openjdk_fc13.nasl
2011-01-21Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0521
File : nvt/gb_fedora_2011_0521_java-1.6.0-openjdk_fc14.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
73765OpenJDK Runtime Environment IcedTea-Web JNLPClassLoader Multiple Signer Remot...
73764OpenJDK IcedTea JAR File Signature Verification Weakness
71622Oracle Java SE / Java for Business XML Digital Signature Unspecified Remote DoS
71621Oracle Java SE / Java for Business Networking Unspecified Remote DoS
71620Oracle Java SE / Java for Business Launcher Unspecified Local Issue
71616Oracle Java SE / Java for Business 2D Unspecified Remote Information Disclosure
71615Oracle Java SE / Java for Business JAXP Unspecified Remote DoS
71610Oracle Java SE / Java for Business Hotspot Unspecified Remote Compromise
71608Oracle Java SE / Java for Business Swing Clipboard Handle Arbitrary Command I...
70965Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ...
70605OpenJDK IcedTea JNLP SecurityManager checkPermission Method Exception Bypass

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-05-03IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager
Severity : Category I - VMSKEY : V0032178
2011-12-15IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0
Severity : Category I - VMSKEY : V0030824
2011-12-01IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769

Snort® IPS/IDS

DateDescription
2014-01-10Java floating point number denial of service - via POST
RuleID : 18471 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10Java floating point number denial of service - via URI
RuleID : 18470 - Revision : 8 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

DateDescription
2014-06-30Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-openjdk-110204.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0176.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0281.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO
2013-02-22Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110125_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110217_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-06-21Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_9fp11.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO
2011-11-23Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_97fp5.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO
2011-10-28Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-05-13Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO
2011-05-13Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12706.nasl - Type : ACT_GATHER_INFO
2011-05-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0490.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-110204.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-04-21Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO
2011-04-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO
2011-04-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-04-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO
2011-04-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-04-01Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12691.nasl - Type : ACT_GATHER_INFO
2011-03-28Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO
2011-03-22Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO
2011-03-22Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO
2011-03-21Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO
2011-03-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0364.nasl - Type : ACT_GATHER_INFO
2011-03-17Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12683.nasl - Type : ACT_GATHER_INFO
2011-03-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0357.nasl - Type : ACT_GATHER_INFO
2011-03-11Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO
2011-03-11Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12682.nasl - Type : ACT_GATHER_INFO
2011-03-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO
2011-03-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2011-03-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-03-09Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO
2011-03-09Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO
2011-02-23Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO
2011-02-23Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-02-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO
2011-02-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO
2011-02-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO
2011-02-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO
2011-02-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO
2011-02-17Name : The remote Fedora host is missing a security update.
File : fedora_2011-1631.nasl - Type : ACT_GATHER_INFO
2011-02-17Name : The remote Fedora host is missing a security update.
File : fedora_2011-1645.nasl - Type : ACT_GATHER_INFO
2011-02-16Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO
2011-02-15Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO
2011-02-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO
2011-02-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO
2011-02-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-02-02Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1055-1.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1052-1.nasl - Type : ACT_GATHER_INFO
2011-01-26Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO
2011-01-20Name : The remote Fedora host is missing a security update.
File : fedora_2011-0500.nasl - Type : ACT_GATHER_INFO
2011-01-20Name : The remote Fedora host is missing a security update.
File : fedora_2011-0521.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:42:08
  • Multiple Updates