Executive Summary
Summary | |
---|---|
Title | java-1.7.0-oracle security update |
Informations | |||
---|---|---|---|
Name | RHSA-2014:0902 | First vendor Publication | 2014-07-18 |
Vendor | RedHat | Last vendor Modification | 2014-07-18 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1075795 - CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520) 1119475 - CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346) 1119476 - CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162) 1119483 - CVE-2014-4221 OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788) 1119596 - CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119) 1119597 - CVE-2014-2490 OpenJDK: Event logger format string vulnerability (Hotspot, 8037076) 1119600 - CVE-2014-4216 OpenJDK: Incorrect generic signature attribute parsing (Hotspot, 8037076) 1119602 - CVE-2014-4223 OpenJDK: Incorrect handling of invocations with exhausted ranks (Libraries, 8035793) 1119608 - CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755) 1119611 - CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009) 1119613 - CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004) 1119615 - CVE-2014-4266 OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301) 1119622 - CVE-2014-4264 OpenJDK: Incorrect TLS/EC management (Security, 8031340) 1119626 - CVE-2014-2483 OpenJDK: Restrict use of privileged annotations (Libraries, 8034985) 1119912 - CVE-2014-4227 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) 1119913 - CVE-2014-4265 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) 1119914 - CVE-2014-4220 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment) 1119915 - CVE-2014-4208 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2014-0902.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24440 | |||
Oval ID: | oval:org.mitre.oval:def:24440 | ||
Title: | RHSA-2014:0889: java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24614 | |||
Oval ID: | oval:org.mitre.oval:def:24614 | ||
Title: | DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24729 | |||
Oval ID: | oval:org.mitre.oval:def:24729 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4208) | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4208 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24806 | |||
Oval ID: | oval:org.mitre.oval:def:24806 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4262) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4262 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24828 | |||
Oval ID: | oval:org.mitre.oval:def:24828 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4218) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4218 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24873 | |||
Oval ID: | oval:org.mitre.oval:def:24873 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-4223) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4223 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24964 | |||
Oval ID: | oval:org.mitre.oval:def:24964 | ||
Title: | DEPRECATED: RHSA-2014:0890: java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24985 | |||
Oval ID: | oval:org.mitre.oval:def:24985 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-2483) | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2483 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25066 | |||
Oval ID: | oval:org.mitre.oval:def:25066 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4263) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4263 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25092 | |||
Oval ID: | oval:org.mitre.oval:def:25092 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4219) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4219 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25104 | |||
Oval ID: | oval:org.mitre.oval:def:25104 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4220) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4220 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25136 | |||
Oval ID: | oval:org.mitre.oval:def:25136 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity (CVE-2014-4209) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4209 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25154 | |||
Oval ID: | oval:org.mitre.oval:def:25154 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2490 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25160 | |||
Oval ID: | oval:org.mitre.oval:def:25160 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4216) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4216 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25202 | |||
Oval ID: | oval:org.mitre.oval:def:25202 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4266) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4266 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25203 | |||
Oval ID: | oval:org.mitre.oval:def:25203 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4265) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4265 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25216 | |||
Oval ID: | oval:org.mitre.oval:def:25216 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability (CVE-2014-4264) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4264 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25224 | |||
Oval ID: | oval:org.mitre.oval:def:25224 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4244) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4244 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25249 | |||
Oval ID: | oval:org.mitre.oval:def:25249 | ||
Title: | RHSA-2014:0890: java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25250 | |||
Oval ID: | oval:org.mitre.oval:def:25250 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4227) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4227 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25273 | |||
Oval ID: | oval:org.mitre.oval:def:25273 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4252) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4252 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25281 | |||
Oval ID: | oval:org.mitre.oval:def:25281 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4221) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4221 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25312 | |||
Oval ID: | oval:org.mitre.oval:def:25312 | ||
Title: | RHSA-2014:0902: java-1.7.0-oracle security update (Critical) | ||
Description: | Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0902-00 CVE-2014-2483 CVE-2014-2490 CVE-2014-4208 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4223 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4265 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 | Product(s): | java-1.7.0-oracle |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25358 | |||
Oval ID: | oval:org.mitre.oval:def:25358 | ||
Title: | RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0907-00 CESA-2014:0907 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25428 | |||
Oval ID: | oval:org.mitre.oval:def:25428 | ||
Title: | RHSA-2014:0908: java-1.6.0-sun security update (Important) | ||
Description: | Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2014-4219, CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 81 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0908-00 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26182 | |||
Oval ID: | oval:org.mitre.oval:def:26182 | ||
Title: | SUSE-SU-2014:0961-1 -- Security update for openjdk | ||
Description: | This Critical Patch Update contains 20 new security fixes for Oracle Java SE. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0961-1 CVE-2014-4227 CVE-2014-4219 CVE-2014-2490 CVE-2014-4216 CVE-2014-4247 CVE-2014-2483 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4265 CVE-2014-4220 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4268 CVE-2014-4264 CVE-2014-4221 CVE-2014-4244 CVE-2014-4263 CVE-2014-4208 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | openjdk |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26557 | |||
Oval ID: | oval:org.mitre.oval:def:26557 | ||
Title: | SUSE-SU-2014:1055-1 -- Security update for IBM Java | ||
Description: | java-1_6_0-ibm has been updated to fix several security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26705 | |||
Oval ID: | oval:org.mitre.oval:def:26705 | ||
Title: | SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0 | ||
Description: | IBM Java 1.7.0 has been updated to fix 14 security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java 1.7.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26866 | |||
Oval ID: | oval:org.mitre.oval:def:26866 | ||
Title: | DEPRECATED: SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0 | ||
Description: | IBM Java 1.7.0 has been updated to fix 14 security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java 1.7.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26967 | |||
Oval ID: | oval:org.mitre.oval:def:26967 | ||
Title: | DEPRECATED: SUSE-SU-2014:1055-1 -- Security update for IBM Java | ||
Description: | java-1_6_0-ibm has been updated to fix several security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26995 | |||
Oval ID: | oval:org.mitre.oval:def:26995 | ||
Title: | ELSA-2014-0890 -- java-1.7.0-openjdk security update (important) | ||
Description: | [1.7.0.65-2.5.1.2.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.65-2.5.1.2] - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115872 [1.7.0.65-2.5.1.1.el5] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115872 [1.7.0.60-2.5.0.1.el5] - update to icedtea7-forest 2.5.0 (rh1114937) - Resolves: rhbz#1115872 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 5 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 4 | |
Application | 2 | |
Application | 1 | |
Os | 1 | |
Os | 2 | |
Os | 3 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-01-22 | IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity : Category I - VMSKEY : V0058213 |
2014-07-17 | IAVM : 2014-A-0105 - Multiple Vulnerabilities in Oracle Java Severity : Category I - VMSKEY : V0053191 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50460 - Revision : 1 - Type : FILE-JAVA |
2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50459 - Revision : 1 - Type : FILE-JAVA |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37805 - Revision : 3 - Type : FILE-JAVA |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37804 - Revision : 4 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO |
2015-03-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO |
2015-02-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO |
2015-02-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO |
2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO |
2014-12-12 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
2014-12-12 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0908.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0902.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-387.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-383.nasl - Type : ACT_GATHER_INFO |
2014-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-3.nasl - Type : ACT_GATHER_INFO |
2014-08-29 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5_3.nasl - Type : ACT_GATHER_INFO |
2014-08-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-2.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140815.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_jul2014_advisory.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-1.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140815.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_331.nasl - Type : ACT_GATHER_INFO |
2014-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2312-1.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1042.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1041.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1036.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1033.nasl - Type : ACT_GATHER_INFO |
2014-08-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140721.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-141.nasl - Type : ACT_GATHER_INFO |
2014-07-29 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
2014-07-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2987.nasl - Type : ACT_GATHER_INFO |
2014-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2980.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140721_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jul_2014_unix.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-11-08 13:32:09 |
|
2014-07-18 05:25:16 |
|