Executive Summary
Summary | |
---|---|
Title | Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter |
Information | |||
---|---|---|---|
Name | VMSA-2008-0010 | First vendor Publication | 2008-06-16 |
Vendor | VMware | Last vendor Modification | 2008-08-29 |
Severity (Vendor) | N/A | Revision | 3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
a. Tomcat Server Security Update

The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26.

b. JRE Security Update

The ESX patches and the updates for VirtualCenter update the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2008-0010.html
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
61 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11 % | CWE-254 | Security Features |
6 % | CWE-200 | Information Exposure |
6 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10417 | |||
Oval ID: | oval:org.mitre.oval:def:10417 | ||
Title: | The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. | ||
Description: | The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5342 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11177 | |||
Oval ID: | oval:org.mitre.oval:def:11177 | ||
Title: | Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. | ||
Description: | Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5333 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:18430 | |||
Oval ID: | oval:org.mitre.oval:def:18430 | ||
Title: | DSA-1453-1 tomcat5 - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1453-1 CVE-2007-3382 CVE-2007-3385 CVE-2007-5461 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5 |
Definition Id: oval:org.mitre.oval:def:18716 | |||
Oval ID: | oval:org.mitre.oval:def:18716 | ||
Title: | DSA-1447-1 tomcat5.5 several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1447-1 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
Definition Id: oval:org.mitre.oval:def:21767 | |||
Oval ID: | oval:org.mitre.oval:def:21767 | ||
Title: | ELSA-2008:0555: java-1.4.2-ibm security update (Critical) | ||
Description: | Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0555-01 CVE-2008-1187 CVE-2008-1196 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Id: oval:org.mitre.oval:def:21783 | |||
Oval ID: | oval:org.mitre.oval:def:21783 | ||
Title: | ELSA-2007:0963: java-1.5.0-sun security update (Important) | ||
Description: | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0963-01 CVE-2007-5232 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274 CVE-2007-5689 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
Definition Id: oval:org.mitre.oval:def:22027 | |||
Oval ID: | oval:org.mitre.oval:def:22027 | ||
Title: | ELSA-2008:0243: java-1.4.2-bea security update (Moderate) | ||
Description: | Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0243-01 CVE-2008-1187 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-bea |
Definition Id: oval:org.mitre.oval:def:22181 | |||
Oval ID: | oval:org.mitre.oval:def:22181 | ||
Title: | ELSA-2008:0245: java-1.6.0-bea security update (Moderate) | ||
Description: | Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0245-01 CVE-2008-0628 CVE-2008-1187 CVE-2008-1193 CVE-2008-1194 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-bea |
Definition Id: oval:org.mitre.oval:def:22301 | |||
Oval ID: | oval:org.mitre.oval:def:22301 | ||
Title: | ELSA-2008:0100: java-1.4.2-bea security update (Moderate) | ||
Description: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0100-01 CVE-2007-4381 CVE-2007-2788 CVE-2007-2789 CVE-2007-3698 CVE-2007-5232 CVE-2007-5240 CVE-2007-5273 CVE-2007-5239 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-bea |
Definition Id: oval:org.mitre.oval:def:22548 | |||
Oval ID: | oval:org.mitre.oval:def:22548 | ||
Title: | ELSA-2007:1041: java-1.5.0-ibm security update (Important) | ||
Description: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:1041-01 CVE-2007-5232 CVE-2007-5238 CVE-2007-5240 CVE-2007-5239 CVE-2007-5273 CVE-2007-5274 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
Definition Id: oval:org.mitre.oval:def:22586 | |||
Oval ID: | oval:org.mitre.oval:def:22586 | ||
Title: | ELSA-2008:0123: java-1.5.0-sun security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0123-01 CVE-2008-0657 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
Definition Id: oval:org.mitre.oval:def:22691 | |||
Oval ID: | oval:org.mitre.oval:def:22691 | ||
Title: | ELSA-2008:0156: java-1.5.0-bea security update (Moderate) | ||
Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0156-02 CVE-2007-5232 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2008-0657 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-bea |
Definition Id: oval:org.mitre.oval:def:22712 | |||
Oval ID: | oval:org.mitre.oval:def:22712 | ||
Title: | ELSA-2008:0244: java-1.5.0-bea security update (Moderate) | ||
Description: | Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0244-01 CVE-2008-1187 CVE-2008-1193 CVE-2008-1194 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-bea |
Definition Id: oval:org.mitre.oval:def:7988 | |||
Oval ID: | oval:org.mitre.oval:def:7988 | ||
Title: | DSA-1453 tomcat5 -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5. For the stable distribution (etch), these problems have been fixed in version 5.0.30-12etch1. The unstable distribution (sid) no longer contains tomcat5. We recommend that you upgrade your tomcat5 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1453 CVE-2007-3382 CVE-2007-3385 CVE-2007-5461 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5 |
Definition Id: oval:org.mitre.oval:def:7989 | |||
Oval ID: | oval:org.mitre.oval:def:7989 | ||
Title: | DSA-1447 tomcat5.5 -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack. It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5.5. For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your tomcat5.5 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1447 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
Definition Id: oval:org.mitre.oval:def:9202 | |||
Oval ID: | oval:org.mitre.oval:def:9202 | ||
Title: | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. | ||
Description: | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5461 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9585 | |||
Oval ID: | oval:org.mitre.oval:def:9585 | ||
Title: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." | ||
Description: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1186 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9672 | |||
Oval ID: | oval:org.mitre.oval:def:9672 | ||
Title: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." | ||
Description: | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1185 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9898 | |||
Oval ID: | oval:org.mitre.oval:def:9898 | ||
Title: | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | ||
Description: | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5689 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386 File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl |
2010-09-14 | Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5) File : nvt/gb_mandriva_MDVSA_2010_176.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1562 File : nvt/RHSA_2009_1562.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1563 File : nvt/RHSA_2009_1563.nasl |
2009-10-13 | Name : SLES10: Security update for Websphere Community Edition File : nvt/sles10_websphere-as_ce0.nasl |
2009-10-13 | Name : SLES10: Security update for epiphany File : nvt/sles10_mozilla-xulrunn.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.5.0 File : nvt/sles10_java-1_5_0-ibm4.nasl |
2009-10-13 | Name : SLES10: Security update for Sun Java File : nvt/sles10_java-1_4_2-sun1.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm3.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm1.nasl |
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5022953.nasl |
2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5023078.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 5 and JRE File : nvt/sles9p5023460.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 2 JRE and SDK File : nvt/sles9p5023603.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5033560.nasl |
2009-10-10 | Name : SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK File : nvt/sles9p5021818.nasl |
2009-10-10 | Name : SLES9: Security update for Sun Java 2 File : nvt/sles9p5020427.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1164 (tomcat) File : nvt/ovcesa2009_1164.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1164 File : nvt/RHSA_2009_1164.nasl |
2009-05-05 | Name : HP-UX Update for Java JRE and JDK HPSBUX02284 File : nvt/gb_hp_ux_HPSBUX02284.nasl |
2009-04-09 | Name : Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5) File : nvt/gb_mandriva_MDVSA_2008_188.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_080.nasl |
2009-04-09 | Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5) File : nvt/gb_mandriva_MDKSA_2007_241.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-592-1 File : nvt/gb_ubuntu_USN_592_1.nasl |
2009-03-06 | Name : RedHat Update for tomcat RHSA-2008:0042-01 File : nvt/gb_RHSA-2008_0042-01_tomcat.nasl |
2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3474 File : nvt/gb_fedora_2007_3474_tomcat5_fc8.nasl |
2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3456 File : nvt/gb_fedora_2007_3456_tomcat5_fc7.nasl |
2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
2009-02-17 | Name : Fedora Update for tomcat5 FEDORA-2008-8130 File : nvt/gb_fedora_2008_8130_tomcat5_fc8.nasl |
2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1467 File : nvt/gb_fedora_2008_1467_tomcat5_fc7.nasl |
2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1603 File : nvt/gb_fedora_2008_1603_tomcat5_fc8.nasl |
2009-01-28 | Name : SuSE Update for Sun Java SUSE-SA:2007:055 File : nvt/gb_suse_2007_055.nasl |
2009-01-23 | Name : SuSE Update for Sun Java SUSE-SA:2008:018 File : nvt/gb_suse_2008_018.nasl |
2009-01-23 | Name : SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008... File : nvt/gb_suse_2008_025.nasl |
2009-01-23 | Name : SuSE Update for MozillaFirefox SUSE-SA:2008:019 File : nvt/gb_suse_2008_019.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:018 (tomcat5) File : nvt/mdksa_2009_018.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-10 (tomcat) File : nvt/glsa_200804_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86... File : nvt/glsa_200804_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin) File : nvt/glsa_200804_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin) File : nvt/glsa_200806_11.nasl |
2008-09-04 | Name : FreeBSD Ports: jdk File : nvt/freebsd_jdk1.nasl |
2008-06-17 | Name : Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Lin) File : nvt/mozilla_CB-A08-0017.nasl |
2008-06-17 | Name : Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Win) File : nvt/smbcl_mozilla.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1453-1 (tomcat5) File : nvt/deb_1453_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1447-1 (tomcat5.5) File : nvt/deb_1447_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42602 | Sun Java Web Start Application JNLP File Handling Overflow (6660121) |
42601 | Sun Java JRE JavaScript Arbitrary Java API Access Java JRE/JDK contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a Java applet is able to access arbitrary network services via unspecified vectors in the Java API. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
42600 | Sun Java JRE Color Management Library Applet Handling sun.awt.color.CMM.cmmCo... |
42599 | Sun Java JRE Color Management Library SpCurveToPublic Overflow DoS |
42598 | Sun Java JRE Image Parsing Library Applet Privilege Escalation (6633278) |
42597 | Sun Java Plug-in Applet Handling Policy Bypass Privilege Escalation (6608712) |
42596 | Sun Java Web Start Untrusted Application Unspecified Privilege Escalation (66... |
42595 | Sun Java Web Start Untrusted Application Unspecified Privilege Escalation (66... |
42594 | Sun Java Web Start useEncodingDecl() Function XML Header Parsing Overflow |
42593 | Sun Java Web Start Unspecified Application Handling Overflow (6605187) |
42592 | Sun Java Web Start Unspecified Application Handling Overflow (6605184) |
42591 | Sun Java JRE XSLT Transformation Processing Privilege Escalation |
42590 | Sun Java Runtime Environment Virtual Machine Untrusted Applet Privilege Escal... |
42589 | Sun Java Runtime Environment Virtual Machine Untrusted Applet Privilege Escal... |
41436 | Apache Tomcat Native APR Connector Duplicate Request Issue |
41435 | Apache Tomcat %5C Cookie Handling Session ID Disclosure |
41147 | Sun Java JDK / JRE Unspecified Applet Handling Privilege Escalation (6529591) |
41146 | Sun Java JDK / JRE Unspecified Applet Handling Privilege Escalation (6529590) |
40834 | Sun Java JDK / JRE Java Virtual Machine (JVM) Unspecified Applet Privilege Es... |
39833 | Apache Tomcat JULI Logging Component catalina.policy Security Bypass |
38187 | Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access |
37765 | Sun Java JDK / JRE Applet Outbound DNS Rebinding Issue |
37764 | Sun Java JDK / JRE on Windows Untrusted Application Arbitrary File Access |
37763 | Sun Java JDK / JRE Untrusted Application Arbitrary File Manipulation |
37762 | Sun Java JDK / JRE Multiple Unspecified Information Disclosure |
37761 | Sun Java JDK / JRE Local Drag-and-drop Operation Access Restriction Bypass |
37760 | Sun Java JDK / JRE Untrusted Applet Warning Banner Display Bypass |
37759 | Sun Java JDK / JRE LiveConnect API DNS Rebinding Security Bypass |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle Java Web Start xml encoding buffer overflow attempt RuleID : 15081 - Revision : 14 - Type : FILE-JAVA |
2014-01-10 | Apache Tomcat WebDAV system tag remote file disclosure attempt RuleID : 12711 - Revision : 6 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_233321_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host has an application that is affected by privilege escalat... File : sun_java_jre_231261_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_103079_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0831.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0834.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0833.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0832.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0267.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0245.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0213.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0151.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071128_jdk__java__on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080114_jdk__java__on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080311_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090723_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_java__jdk_1_5_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_5_5_26.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_16.nasl - Type : ACT_GATHER_INFO |
2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1616.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1617.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12210.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_websphere-as_ce-5850.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12142.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1041.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0555.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0244.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0243.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0210.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0186.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0156.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0132.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0123.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0100.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0963.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO |
2009-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-018.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-188.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-080.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_10_5_update2.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel7.nasl - Type : ACT_GATHER_INFO |
2008-09-17 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8130.nasl - Type : ACT_GATHER_INFO |
2008-08-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-5465.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-5182.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5183.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5167.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5158.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner-5163.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner-5164.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-10.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5153.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-5130.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5131.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5133.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5132.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5134.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5135.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-592-1.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20013.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_119.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
2008-03-06 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_233321.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4997.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote Windows host has an application that is affected by privilege esca... File : sun_java_jre_231261.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1603.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1467.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1453.nasl - Type : ACT_GATHER_INFO |
2008-01-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1447.nasl - Type : ACT_GATHER_INFO |
2007-12-17 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-4533.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-4687.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3474.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3456.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-4525.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-4527.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-4536.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c93e4d4175c511dcb9030016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2007-10-05 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_103079.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:07:08 | |