This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Oracle - First view : 2010-04-15
Product : Jre - Last view : 2017-12-29
Version : 1.5.0 - Type : Application
Update : update_71
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *

CPE Product : cpe:2.3:a:oracle:jre

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5.3 2017-12-29 CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

2.6 2014-10-15 CVE-2014-6558

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.

4.3 2014-10-15 CVE-2014-6531

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

4.3 2014-10-15 CVE-2014-6512

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.

5 2014-10-15 CVE-2014-6511

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

6.8 2014-10-15 CVE-2014-6506

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

5 2014-10-15 CVE-2014-6504

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.

2.6 2014-10-15 CVE-2014-6502

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.

4 2014-10-15 CVE-2014-6457

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.

2.6 2013-10-16 CVE-2013-5854

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.

7.6 2013-10-16 CVE-2013-5852

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.

5 2013-10-16 CVE-2013-5851

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.

9.3 2013-10-16 CVE-2013-5850

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.

4.3 2013-10-16 CVE-2013-5849

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.

5 2013-10-16 CVE-2013-5848

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

9.3 2013-10-16 CVE-2013-5846

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

9.3 2013-10-16 CVE-2013-5844

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

10 2013-10-16 CVE-2013-5843

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10 2013-10-16 CVE-2013-5842

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.

5 2013-10-16 CVE-2013-5840

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

9.3 2013-10-16 CVE-2013-5838

Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

9.3 2013-10-16 CVE-2013-5832

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.

5 2013-10-16 CVE-2013-5831

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819.

10 2013-10-16 CVE-2013-5830

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

10 2013-10-16 CVE-2013-5829

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.

CWE : Common Weakness Enumeration

% id Name
40% (2) CWE-310 Cryptographic Issues
20% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
20% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

SAINT Exploits

Description
Java JAX-WS gmbal package sandbox breach
Java JAX-WS statistics.impl package sandbox breach
Oracle Java java.awt.image.ByteComponentRaster Overflow
Java SE AtomicReferenceArray Unsafe Security Bypass
Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion
Oracle Java Runtime Environment AWT storeImageArray Vulnerability
Java Runtime Environment Hotspot final field vulnerability
Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow
Java Web Start initial heap size command injection
Java Runtime Environment Color Management memory overwrite
Oracle Java findMethod findClass Security Bypass
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
76513 Oracle Java SE JRE Deployment Component Unspecified Remote Information Disclo...
76511 Oracle Java SE JRE Networking Component Unspecified Remote Information Disclo...
76509 Oracle Java SE JRE Deployment Component Unspecified Remote Issue (2011-3546)
63648 Sun Java Deployment Toolkit javaw.exe JAR File Handling Arbitrary Code Execu...

ExploitDB Exploits

id Description
28050 Oracle Java lookUpByteBI - Heap Buffer Overflow
27705 Java storeImageArray() Invalid Array Indexing Vulnerability
26529 Java Applet ProviderSkeleton Insecure Invoke Method
26123 Java Web Start Double Quote Injection Remote Code Execution
24966 Java Web Start Launcher ActiveX Control - Memory Corruption
24904 Java CMM Remote Code Execution
24309 Java Applet AverageRangeStatisticImpl Remote Code Execution
24308 Java Applet Method Handle Remote Code Execution
22657 Java Applet JAX-WS Remote Code Execution
19717 Java Applet Field Bytecode Verifier Cache Remote Code Execution
18679 Java AtomicReferenceArray Type Violation Vulnerability

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1423-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_1423_1.nasl
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_0828_1.nasl
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_1424_1.nasl
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_1175_1.nasl
2012-12-04 Name : Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_murmurhash_dos_vuln_win.nasl
2012-12-04 Name : Oracle Java SE Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_hash_collision_dos_vuln_win.nasl
2012-11-02 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_169.nasl
2012-10-29 Name : Ubuntu Update for openjdk-7 USN-1619-1
File : nvt/gb_ubuntu_USN_1619_1.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows)
File : nvt/gb_oracle_java_se_mult_vuln04_oct12_win.nasl
2012-10-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl
2012-10-19 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl
2012-10-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16346
File : nvt/gb_fedora_2012_16346_java-1.7.0-openjdk_fc17.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows)
File : nvt/gb_oracle_java_se_mult_vuln03_oct12_win.nasl
2012-10-19 Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01
File : nvt/gb_RHSA-2012_1386-01_java-1.7.0-openjdk.nasl
2012-10-19 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01
File : nvt/gb_RHSA-2012_1385-01_java-1.6.0-openjdk.nasl
2012-10-19 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1384-01
File : nvt/gb_RHSA-2012_1384-01_java-1.6.0-openjdk.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows)
File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows)
File : nvt/gb_oracle_java_se_mult_vuln01_oct12_win.nasl
2012-10-19 Name : CentOS Update for java CESA-2012:1386 centos6
File : nvt/gb_CESA-2012_1386_java_centos6.nasl
2012-10-19 Name : CentOS Update for java CESA-2012:1385 centos5
File : nvt/gb_CESA-2012_1385_java_centos5.nasl
2012-10-19 Name : CentOS Update for java CESA-2012:1384 centos6
File : nvt/gb_CESA-2012_1384_java_centos6.nasl
2012-10-09 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:150-1 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_150_1.nasl
2012-09-22 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127
File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl
2012-09-21 Name : Java for Mac OS X 10.6 Update 10
File : nvt/gb_macosx_java_10_6_upd_10.nasl
2012-09-06 Name : Ubuntu Update for icedtea-web USN-1505-2
File : nvt/gb_ubuntu_USN_1505_2.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0019 Multiple Vulnerabilities in Apache Tomcat
Severity: Category I - VMSKEY: V0044527
2013-A-0191 Multiple Vulnerabilities in Java for Mac OS X
Severity: Category I - VMSKEY: V0040779
2013-A-0200 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0040783
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0146 Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity: Category I - VMSKEY: V0033792
2012-A-0147 Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity: Category I - VMSKEY: V0033793
2012-A-0148 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0033794
2012-A-0048 Multiple Vulnerabilities in VMware vCenter Update Manager 5.0
Severity: Category I - VMSKEY: V0031901

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-05-21 Oracle Java privileged protection domain exploitation attempt
RuleID : 49846 - Type : FILE-JAVA - Revision : 1
2019-05-21 Oracle Java privileged protection domain exploitation attempt
RuleID : 49845 - Type : FILE-JAVA - Revision : 1
2019-03-26 Oracle Java ImagingLib buffer overflow attempt
RuleID : 49256 - Type : FILE-JAVA - Revision : 1
2019-03-26 Oracle Java ImagingLib buffer overflow attempt
RuleID : 49255 - Type : FILE-JAVA - Revision : 1
2019-03-12 Oracle Java JPEGImageWriter memory corruption attempt
RuleID : 49117 - Type : FILE-JAVA - Revision : 1
2019-03-12 Oracle Java JPEGImageWriter memory corruption attempt
RuleID : 49116 - Type : FILE-JAVA - Revision : 1
2018-04-05 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45830 - Type : SERVER-OTHER - Revision : 1
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45201 - Type : SERVER-OTHER - Revision : 2
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45200 - Type : SERVER-OTHER - Revision : 2
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45199 - Type : SERVER-OTHER - Revision : 2
2016-07-28 Oracle Java RangeStatisticImpl sandbox breach attempt
RuleID : 39355 - Type : FILE-JAVA - Revision : 1
2016-07-28 Oracle Java RangeStatisticImpl sandbox breach attempt
RuleID : 39354 - Type : FILE-JAVA - Revision : 1
2016-04-26 Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38339 - Type : FILE-JAVA - Revision : 2
2016-04-26 Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38338 - Type : FILE-JAVA - Revision : 2
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37821 - Type : FILE-JAVA - Revision : 1
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37820 - Type : FILE-JAVA - Revision : 1
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37819 - Type : FILE-JAVA - Revision : 1
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37818 - Type : FILE-JAVA - Revision : 1
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37805 - Type : FILE-JAVA - Revision : 3
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37804 - Type : FILE-JAVA - Revision : 4
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37803 - Type : FILE-JAVA - Revision : 2
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37802 - Type : FILE-JAVA - Revision : 2
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 4
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3
2014-11-16 Oracle Java Web Start arbitrary command execution attempt
RuleID : 31946 - Type : FILE-JAVA - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-06-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL48802597.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote VMware ESXi / ESX host is missing a security-related patch.
File: vmware_VMSA-2012-0005_remote.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1489-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1489-2.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1490-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1256-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1669-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-1422-1.nasl - Type: ACT_GATHER_INFO
2015-05-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-219.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-96.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3187.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote application server is affected by multiple vulnerabilities.
File: websphere_7_0_0_37.nasl - Type: ACT_GATHER_INFO
2015-03-11 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2522-3.nasl - Type: ACT_GATHER_INFO
2015-03-09 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2522-2.nasl - Type: ACT_GATHER_INFO
2015-03-06 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2522-1.nasl - Type: ACT_GATHER_INFO
2015-02-25 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-0264.nasl - Type: ACT_GATHER_INFO
2015-02-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201502-12.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_tomcat_20140522.nasl - Type: ACT_GATHER_INFO
2014-12-22 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10627.nasl - Type: ACT_GATHER_INFO
2014-12-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3080.nasl - Type: ACT_GATHER_INFO
2014-12-01 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_java-1_6_0-ibm-141119.nasl - Type: ACT_GATHER_INFO
2014-12-01 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_java-1_7_0-ibm-141121.nasl - Type: ACT_GATHER_INFO
2014-11-28 Name: The remote AIX host has a version of Java SDK installed that is affected by m...
File: aix_java_oct2014_advisory.nasl - Type: ACT_GATHER_INFO