Executive Summary
Summary | |
---|---|
Title | java-1.6.0-sun security update |
Information | |||
---|---|---|---|
Name | RHSA-2010:0356 | First vendor Publication | 2010-04-19 |
Vendor | RedHat | Last vendor Modification | 2010-04-19 |
Severity (Vendor) | Critical | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated java-1.6.0-sun packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.

This update fixes two vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page listed in the References section. (CVE-2010-0886, CVE-2010-0887)

Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

581237 - CVE-2010-0886 CVE-2010-0887 Sun Java: Java Web Start arbitrary command line injection
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0356.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14216 | |||
Oval ID: | oval:org.mitre.oval:def:14216 | ||
Title: | Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Description: | Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0886 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Id: oval:org.mitre.oval:def:21692 | |||
Oval ID: | oval:org.mitre.oval:def:21692 | ||
Title: | RHSA-2010:0356: java-1.6.0-sun security update (Critical) | ||
Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0356-02 CVE-2010-0886 CVE-2010-0887 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.6.0-sun |
Definition Id: oval:org.mitre.oval:def:22184 | |||
Oval ID: | oval:org.mitre.oval:def:22184 | ||
Title: | ELSA-2010:0356: java-1.6.0-sun security update (Critical) | ||
Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0356-02 CVE-2010-0886 CVE-2010-0887 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
SAINT Exploits
Description |
---|
Sun Java Web Start command-line argument injection |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201006_18.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 7 File : nvt/macosx_java_for_10_5_upd_7.nasl |
2010-05-28 | Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl |
2010-04-23 | Name : Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows) File : nvt/secpod_sun_java_jdk_mult_vuln_win_apr10.nasl |
2010-04-23 | Name : Sun Java JRE Multiple Vulnerabilities (Linux) File : nvt/secpod_sun_java_jre_mult_vuln_lin_apr10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63799 | Oracle Java SE / Java for Business Plug-in Unspecified Remote Code Execution |
63798 | Oracle Java Deployment Toolkit Java Web Start Argument Injection Arbitrary Pr... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle JRE Deployment Toolkit ActiveX clsid access attempt RuleID : 26682 - Revision : 5 - Type : BROWSER-PLUGINS |
2014-01-10 | Oracle JRE Deployment Toolkit ActiveX clsid access attempt RuleID : 23878 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Oracle Java Web Start arbitrary command execution attempt RuleID : 17660 - Revision : 9 - Type : SERVER-OTHER |
2014-01-10 | Oracle Java Web Start arbitrary command execution attempt RuleID : 16585 - Revision : 5 - Type : WEB-CLIENT |
2014-01-10 | Oracle Java Web Start arbitrary command execution attempt - Internet Explorer RuleID : 16584 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code executio... RuleID : 16550 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code executio... RuleID : 16549 - Revision : 11 - Type : FILE-OTHER |
2014-01-10 | Java Web Start ActiveX launch command by JavaScript CLSID RuleID : 16548 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Java Web Start ActiveX launch command by CLSID RuleID : 16547 - Revision : 5 - Type : WEB-ACTIVEX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote host contains a runtime environment that is affected by multiple v... File : oracle_java6_update20_unix.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100419_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-100420.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0549.nasl - Type : ACT_GATHER_INFO |
2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-18.nasl - Type : ACT_GATHER_INFO |
2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update7.nasl - Type : ACT_GATHER_INFO |
2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0356.nasl - Type : ACT_GATHER_INFO |
2010-04-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-100420.nasl - Type : ACT_GATHER_INFO |
2010-04-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-100420.nasl - Type : ACT_GATHER_INFO |
2010-04-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-100420.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote host contains a runtime environment that is affected by multiple v... File : oracle_java6_update20.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:53:27 |
|