Executive Summary
| Summary | |
|---|---|
| Title | java-1.6.0-ibm security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2010:0383 | First vendor Publication | 2010-04-29 |
| Vendor | RedHat | Last vendor Modification | 2010-04-29 |
| Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0848, CVE-2010-0849) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR8 Java release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) 575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390) 575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393) 575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703) 575760 - CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) 575769 - CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) 575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954) 575808 - CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653) 575818 - CVE-2010-0837 OpenJDK JAR "unpack200" must verify input parameters (6902299) 575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691) 575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597) 575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823) 578430 - CVE-2010-0846 JDK unspecified vulnerability in ImageIO component 578432 - CVE-2010-0849 JDK unspecified vulnerability in Java2D component 578433 - CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component 578436 - CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities 578437 - CVE-2010-0090 JDK unspecified vulnerability in JavaWS/Plugin component 578440 - CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2010-0383.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10057 | |||
| Oval ID: | oval:org.mitre.oval:def:10057 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0092 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10474 | |||
| Oval ID: | oval:org.mitre.oval:def:10474 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0085 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10482 | |||
| Oval ID: | oval:org.mitre.oval:def:10482 | ||
| Title: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0838 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10680 | |||
| Oval ID: | oval:org.mitre.oval:def:10680 | ||
| Title: | Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0837 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10851 | |||
| Oval ID: | oval:org.mitre.oval:def:10851 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0094 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11120 | |||
| Oval ID: | oval:org.mitre.oval:def:11120 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0084 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11173 | |||
| Oval ID: | oval:org.mitre.oval:def:11173 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0088 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11621 | |||
| Oval ID: | oval:org.mitre.oval:def:11621 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0095 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13150 | |||
| Oval ID: | oval:org.mitre.oval:def:13150 | ||
| Title: | USN-923-1 -- openjdk-6 vulnerabilities | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. It was discovered that Loader-constraint table, Policy/PolicyFile, Inflater/Deflater, drag/drop access, and deserialization did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. It was discovered that AtomicReferenceArray, System.arraycopy, InetAddress, and HashAttributeSet did not correctly handle certain situations. If a remote attacker could trigger specific error conditions, a Java application could crash, leading to a denial of service. It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and the AWT library did not correctly check buffer lengths. If a user or automated system were tricked into handling specially crafted JAR files or images, a remote attacker could crash the Java application or possibly gain user privileges . It was discovered that applets did not correctly handle certain trust chains. If a user were tricked into running a specially crafted applet, a remote attacker could possibly run untrusted code with user privileges | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-923-1 CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0088 CVE-2010-0091 CVE-2010-0094 CVE-2010-0092 CVE-2010-0093 CVE-2010-0095 CVE-2010-0845 CVE-2010-0837 CVE-2010-0838 CVE-2010-0847 CVE-2010-0848 CVE-2010-0840 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13357 | |||
| Oval ID: | oval:org.mitre.oval:def:13357 | ||
| Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0839 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13492 | |||
| Oval ID: | oval:org.mitre.oval:def:13492 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0091 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13795 | |||
| Oval ID: | oval:org.mitre.oval:def:13795 | ||
| Title: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0849 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13803 | |||
| Oval ID: | oval:org.mitre.oval:def:13803 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0085 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13923 | |||
| Oval ID: | oval:org.mitre.oval:def:13923 | ||
| Title: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0838 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13959 | |||
| Oval ID: | oval:org.mitre.oval:def:13959 | ||
| Title: | Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0087 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13971 | |||
| Oval ID: | oval:org.mitre.oval:def:13971 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0840 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14061 | |||
| Oval ID: | oval:org.mitre.oval:def:14061 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0084 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14092 | |||
| Oval ID: | oval:org.mitre.oval:def:14092 | ||
| Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0843 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14101 | |||
| Oval ID: | oval:org.mitre.oval:def:14101 | ||
| Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure. | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0842 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14105 | |||
| Oval ID: | oval:org.mitre.oval:def:14105 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0095 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14144 | |||
| Oval ID: | oval:org.mitre.oval:def:14144 | ||
| Title: | Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX". | ||
| Description: | Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX". | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0841 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14208 | |||
| Oval ID: | oval:org.mitre.oval:def:14208 | ||
| Title: | Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0089 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14210 | |||
| Oval ID: | oval:org.mitre.oval:def:14210 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0092 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14237 | |||
| Oval ID: | oval:org.mitre.oval:def:14237 | ||
| Title: | Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0090 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14276 | |||
| Oval ID: | oval:org.mitre.oval:def:14276 | ||
| Title: | Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0837 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14282 | |||
| Oval ID: | oval:org.mitre.oval:def:14282 | ||
| Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory. | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0844 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14321 | |||
| Oval ID: | oval:org.mitre.oval:def:14321 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0088 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14350 | |||
| Oval ID: | oval:org.mitre.oval:def:14350 | ||
| Title: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0848 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14351 | |||
| Oval ID: | oval:org.mitre.oval:def:14351 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0094 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14503 | |||
| Oval ID: | oval:org.mitre.oval:def:14503 | ||
| Title: | Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl). | ||
| Description: | Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl). | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0846 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21942 | |||
| Oval ID: | oval:org.mitre.oval:def:21942 | ||
| Title: | RHSA-2010:0339: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0339-01 CESA-2010:0339 CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0088 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0840 CVE-2010-0845 CVE-2010-0847 CVE-2010-0848 | Version: | 198 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22088 | |||
| Oval ID: | oval:org.mitre.oval:def:22088 | ||
| Title: | RHSA-2010:0337: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0337-01 CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 341 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22101 | |||
| Oval ID: | oval:org.mitre.oval:def:22101 | ||
| Title: | RHSA-2010:0338: java-1.5.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0338-02 CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 328 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.5.0-sun |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22249 | |||
| Oval ID: | oval:org.mitre.oval:def:22249 | ||
| Title: | RHSA-2010:0489: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0489-01 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 120 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22358 | |||
| Oval ID: | oval:org.mitre.oval:def:22358 | ||
| Title: | RHSA-2010:0574: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0574-01 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0091 CVE-2010-0095 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22564 | |||
| Oval ID: | oval:org.mitre.oval:def:22564 | ||
| Title: | ELSA-2010:0383: java-1.6.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0383-01 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 93 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22706 | |||
| Oval ID: | oval:org.mitre.oval:def:22706 | ||
| Title: | ELSA-2010:0574: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0574-01 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0091 CVE-2010-0095 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 73 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22952 | |||
| Oval ID: | oval:org.mitre.oval:def:22952 | ||
| Title: | ELSA-2010:0337: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0337-01 CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 109 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23097 | |||
| Oval ID: | oval:org.mitre.oval:def:23097 | ||
| Title: | ELSA-2010:0338: java-1.5.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0338-02 CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 105 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23141 | |||
| Oval ID: | oval:org.mitre.oval:def:23141 | ||
| Title: | ELSA-2010:0489: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0489-01 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 | Version: | 41 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9855 | |||
| Oval ID: | oval:org.mitre.oval:def:9855 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0091 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9899 | |||
| Oval ID: | oval:org.mitre.oval:def:9899 | ||
| Title: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0848 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9974 | |||
| Oval ID: | oval:org.mitre.oval:def:9974 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0840 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Java Runtime CMM readMabCurveData Buffer Overflow | More info here |
| Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow | More info here |
| Java Runtime Environment MixerSequence Function Pointer Control | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2012-02-16 | Java MixerSequencer Object GM_Song Structure Handling Vulnerability |
| 2010-09-27 | Java RMIConnectionImpl Deserialization Privilege Escalation Exploit |
| 2010-12-15 | Java Statement.invoke() Trusted Method Chain Exploit |
| 2010-09-20 | MOAUB #20 - Java CMM readMabCurveData Stack Overflow |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0339 centos5 i386 File : nvt/gb_CESA-2010_0339_java_centos5_i386.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201006_18.nasl |
| 2010-06-07 | Name : HP-UX Update for Java HPSBUX02524 File : nvt/gb_hp_ux_HPSBUX02524.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 7 File : nvt/macosx_java_for_10_5_upd_7.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl |
| 2010-04-30 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025 File : nvt/gb_fedora_2010_6025_java-1.6.0-openjdk_fc12.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6039 File : nvt/gb_fedora_2010_6039_java-1.6.0-openjdk_fc11.nasl |
| 2010-04-09 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 File : nvt/gb_ubuntu_USN_923_1.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Linux) File : nvt/gb_oracle_java_se_mult_vuln_lin_apr10.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_oracle_java_se_mult_vuln_win_apr10.nasl |
| 2010-04-06 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01 File : nvt/gb_RHSA-2010_0339-01_java-1.6.0-openjdk.nasl |
| 2010-03-02 | Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 63506 | Oracle Java SE / Java for Business Java Web Start Java Plug-in Unspecified Re... |
| 63505 | Oracle Java SE / Java for Business Unpack200 Malformed Data Handling Overflow |
| 63503 | Oracle Java SE / Java for Business Java 2D AWT Library Multiple Method Arbitr... |
| 63502 | Oracle Java SE / Java for Business Java 2D JPEGImageDecoderImpl JPEG Decoder ... |
| 63500 | Oracle Java SE / Java for Business Java 2D CMM Module readMabCurveData Functi... |
| 63497 | Oracle Java SE / Java for Business Java Web Start Plug-in Unspecified Unauthe... |
| 63496 | Oracle Java SE / Java for Business Java Web Start Plug-in Unspecified Unauthe... |
| 63495 | Oracle Java SE / Java for Business MIDI Stream MixerSequencer Object metaEven... |
| 63494 | Oracle Java SE / Java for Business Sound Unspecified Unauthenticated Remote I... |
| 63493 | Oracle Java SE / Java for Business Sound MIDI File MixerSequencer Object GM_S... |
| 63492 | Oracle Java SE / Java for Business com.sun.media.sound Library Unspecified Fu... |
| 63491 | Oracle Java SE / Java for Business ImageIO JPEGImageReader JPEG Image Dimensi... |
| 63490 | Oracle Java SE / Java for Business ImageIO JPEGImageEncoderImpl num_component... |
| 63489 | Oracle Java SE / Java for Business JRE Unspecified Unauthenticated Remote Iss... |
| 63488 | Oracle Java SE / Java for Business JRE Unspecified Unauthenticated Remote Iss... |
| 63487 | Oracle Java SE / Java for Business JRE Unspecified Unauthenticated Remote Iss... |
| 63486 | Oracle Java SE / Java for Business JRE Mutable InetAddress Socket Policy Bypass |
| 63484 | Oracle Java SE / Java for Business JRE RMIConnectionImpl Object Handling Priv... |
| 63483 | Oracle Java SE / Java for Business JRE Trusted Methods Chaining Remote Code ... |
| 63482 | Oracle Java SE / Java for Business JRE Unspecified Remote Information Disclos... |
| 63481 | Oracle Java SE / Java for Business JRE Unspecified Remote Information Disclos... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Sakura exploit kit pdf download detection RuleID : 26539 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit landing page received RuleID : 26538 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit jar download detection RuleID : 26537 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | rmf file download request RuleID : 24509 - Revision : 5 - Type : FILE-IDENTIFY |
| 2014-01-10 | Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt RuleID : 23490 - Revision : 8 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
| 2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java runtime RMIConnectionImpl deserialization execution attempt RuleID : 21387 - Revision : 11 - Type : FILE-JAVA |
| 2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java trusted method chaining attempt RuleID : 20529 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Soundbank resource name overflow attempt RuleID : 19100 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Runtime CMM readMabCurveData buffer overflow attempt RuleID : 18803 - Revision : 12 - Type : SERVER-WEBAPP |
| 2014-01-10 | download of RMF file - potentially malicious RuleID : 17106 - Revision : 10 - Type : FILE-IDENTIFY |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : oracle_java_cpu_mar_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100525.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100610.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-100728.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7077.nasl - Type : ACT_GATHER_INFO |
| 2010-09-03 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12626.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0574.nasl - Type : ACT_GATHER_INFO |
| 2010-07-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12623.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6025.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6039.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6279.nasl - Type : ACT_GATHER_INFO |
| 2010-06-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0489.nasl - Type : ACT_GATHER_INFO |
| 2010-06-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0471.nasl - Type : ACT_GATHER_INFO |
| 2010-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-18.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update7.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0337.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0383.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0338.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-100412.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-923-1.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : oracle_java_cpu_mar_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-03-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0130.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:53:29 |
|
