Executive Summary
Summary | |
---|---|
Title | java-1.5.0-ibm security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0891 | First vendor Publication | 2008-10-24 |
Vendor | RedHat | Last vendor Modification | 2008-10-24 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated java-1.5.0-ibm packages that fix a security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64 3. Description: The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring is enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103) All users of java-1.5.0-ibm are advised to upgrade to these updated packages containing the IBM 1.5.0 SR8a Java release, which resolves this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 452659 - CVE-2008-3103 OpenJDK JMX allows illegal operations with local monitoring (6332953) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0891.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22657 | |||
Oval ID: | oval:org.mitre.oval:def:22657 | ||
Title: | ELSA-2008:0891: java-1.5.0-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0891-01 CVE-2008-3103 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 5 File : nvt/sles10_java-1_5_0-ibm.nasl |
2009-10-10 | Name : SLES9: Security update for IBMJava5 JRE and IBMJava5 SDK File : nvt/sles9p5037140.nasl |
2009-01-23 | Name : SuSE Update for Sun Java security update SUSE-SA:2008:042 File : nvt/gb_suse_2008_042.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46967 | Sun Java JDK / JRE Java Management Extensions (JMX) Management Agent Remote P... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_psn_2012_08_689.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_6_7_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_5_16_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0594.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_java__jdk_1_5_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0636.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0466.nasl - Type : ACT_GATHER_INFO |
2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12265.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0891.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0906.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1044.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1045.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0595.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0016.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-080715.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-080715.nasl - Type : ACT_GATHER_INFO |
2008-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5662.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_10_5_update2.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel7.nasl - Type : ACT_GATHER_INFO |
2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5434.nasl - Type : ACT_GATHER_INFO |
2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5435.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_6_7.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_5_16.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:58 |
|