Executive Summary

Summary
Title HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Informations
Name HPSBUX02608 SSRT100333 First vendor Publication 2010-12-09
Vendor HP Last vendor Modification 2011-01-12
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02616748

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11268
 
Oval ID: oval:org.mitre.oval:def:11268
Title: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3557
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11320
 
Oval ID: oval:org.mitre.oval:def:11320
Title: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3555
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11330
 
Oval ID: oval:org.mitre.oval:def:11330
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3551
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11559
 
Oval ID: oval:org.mitre.oval:def:11559
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3549
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11560
 
Oval ID: oval:org.mitre.oval:def:11560
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3566
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11619
 
Oval ID: oval:org.mitre.oval:def:11619
Title: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3550
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11649
 
Oval ID: oval:org.mitre.oval:def:11649
Title: DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3553
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11662
 
Oval ID: oval:org.mitre.oval:def:11662
Title: DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3559
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11714
 
Oval ID: oval:org.mitre.oval:def:11714
Title: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3567
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11798
 
Oval ID: oval:org.mitre.oval:def:11798
Title: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3553
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11815
 
Oval ID: oval:org.mitre.oval:def:11815
Title: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3556
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11829
 
Oval ID: oval:org.mitre.oval:def:11829
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3552
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11871
 
Oval ID: oval:org.mitre.oval:def:11871
Title: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3558
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11876
 
Oval ID: oval:org.mitre.oval:def:11876
Title: DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3567
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11880
 
Oval ID: oval:org.mitre.oval:def:11880
Title: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3559
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11893
 
Oval ID: oval:org.mitre.oval:def:11893
Title: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3562
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11930
 
Oval ID: oval:org.mitre.oval:def:11930
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
Family: unix Class: vulnerability
Reference(s): CVE-2010-3557
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11990
 
Oval ID: oval:org.mitre.oval:def:11990
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3573
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12004
 
Oval ID: oval:org.mitre.oval:def:12004
Title: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3552
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12005
 
Oval ID: oval:org.mitre.oval:def:12005
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3560
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12029
 
Oval ID: oval:org.mitre.oval:def:12029
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3568
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12040
 
Oval ID: oval:org.mitre.oval:def:12040
Title: DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3566
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12068
 
Oval ID: oval:org.mitre.oval:def:12068
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3558
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12153
 
Oval ID: oval:org.mitre.oval:def:12153
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3567
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12173
 
Oval ID: oval:org.mitre.oval:def:12173
Title: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Description: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3570
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12177
 
Oval ID: oval:org.mitre.oval:def:12177
Title: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3571
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12180
 
Oval ID: oval:org.mitre.oval:def:12180
Title: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3565
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12181
 
Oval ID: oval:org.mitre.oval:def:12181
Title: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3563
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12189
 
Oval ID: oval:org.mitre.oval:def:12189
Title: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3554
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12200
 
Oval ID: oval:org.mitre.oval:def:12200
Title: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3561
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12206
 
Oval ID: oval:org.mitre.oval:def:12206
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3568
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12220
 
Oval ID: oval:org.mitre.oval:def:12220
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3573
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12222
 
Oval ID: oval:org.mitre.oval:def:12222
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3555
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12225
 
Oval ID: oval:org.mitre.oval:def:12225
Title: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3566
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12226
 
Oval ID: oval:org.mitre.oval:def:12226
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3569
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12229
 
Oval ID: oval:org.mitre.oval:def:12229
Title: DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3574
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12231
 
Oval ID: oval:org.mitre.oval:def:12231
Title: DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3571
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12234
 
Oval ID: oval:org.mitre.oval:def:12234
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3569
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12240
 
Oval ID: oval:org.mitre.oval:def:12240
Title: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3572
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12274
 
Oval ID: oval:org.mitre.oval:def:12274
Title: DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3573
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12285
 
Oval ID: oval:org.mitre.oval:def:12285
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3571
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12294
 
Oval ID: oval:org.mitre.oval:def:12294
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3565
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12328
 
Oval ID: oval:org.mitre.oval:def:12328
Title: DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3562
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12363
 
Oval ID: oval:org.mitre.oval:def:12363
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3560
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12367
 
Oval ID: oval:org.mitre.oval:def:12367
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3574
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12398
 
Oval ID: oval:org.mitre.oval:def:12398
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3564
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12422
 
Oval ID: oval:org.mitre.oval:def:12422
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3550
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12426
 
Oval ID: oval:org.mitre.oval:def:12426
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
Family: unix Class: vulnerability
Reference(s): CVE-2010-3548
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12437
 
Oval ID: oval:org.mitre.oval:def:12437
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3561
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12449
 
Oval ID: oval:org.mitre.oval:def:12449
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
Family: unix Class: vulnerability
Reference(s): CVE-2010-3554
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12450
 
Oval ID: oval:org.mitre.oval:def:12450
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3562
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12458
 
Oval ID: oval:org.mitre.oval:def:12458
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3551
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12459
 
Oval ID: oval:org.mitre.oval:def:12459
Title: DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3561
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12462
 
Oval ID: oval:org.mitre.oval:def:12462
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3574
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12484
 
Oval ID: oval:org.mitre.oval:def:12484
Title: DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3569
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12488
 
Oval ID: oval:org.mitre.oval:def:12488
Title: DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3551
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12491
 
Oval ID: oval:org.mitre.oval:def:12491
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3541
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12496
 
Oval ID: oval:org.mitre.oval:def:12496
Title: DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3556
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12502
 
Oval ID: oval:org.mitre.oval:def:12502
Title: DEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3558
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12508
 
Oval ID: oval:org.mitre.oval:def:12508
Title: DEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3563
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12509
 
Oval ID: oval:org.mitre.oval:def:12509
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3570
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12518
 
Oval ID: oval:org.mitre.oval:def:12518
Title: DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3557
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12523
 
Oval ID: oval:org.mitre.oval:def:12523
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3556
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12531
 
Oval ID: oval:org.mitre.oval:def:12531
Title: DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3568
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12536
 
Oval ID: oval:org.mitre.oval:def:12536
Title: DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3572
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12544
 
Oval ID: oval:org.mitre.oval:def:12544
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3572
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12545
 
Oval ID: oval:org.mitre.oval:def:12545
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3553
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12552
 
Oval ID: oval:org.mitre.oval:def:12552
Title: DEPRECATED: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3552
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12554
 
Oval ID: oval:org.mitre.oval:def:12554
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3563
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12556
 
Oval ID: oval:org.mitre.oval:def:12556
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3559
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12571
 
Oval ID: oval:org.mitre.oval:def:12571
Title: DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3565
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12582
 
Oval ID: oval:org.mitre.oval:def:12582
Title: DEPRECATED: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Description: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3570
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12590
 
Oval ID: oval:org.mitre.oval:def:12590
Title: DEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3550
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12597
 
Oval ID: oval:org.mitre.oval:def:12597
Title: DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3554
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12614
 
Oval ID: oval:org.mitre.oval:def:12614
Title: DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3560
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12646
 
Oval ID: oval:org.mitre.oval:def:12646
Title: DEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3555
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle Java SE
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13305
 
Oval ID: oval:org.mitre.oval:def:13305
Title: USN-1010-1 -- openjdk-6, openjdk-6b18 vulnerabilities
Description: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. It was discovered that there exists a double free in java�s indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. This could allow an attacker to execute arbitrary code with the privileges of the user running a java application. It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests
Family: unix Class: patch
Reference(s): USN-1010-1
CVE-2009-3555
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3554
CVE-2010-3557
CVE-2010-3561
CVE-2010-3562
CVE-2010-3564
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3573
CVE-2010-3574
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): openjdk-6
openjdk-6b18
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14340
 
Oval ID: oval:org.mitre.oval:def:14340
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3549
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14354
 
Oval ID: oval:org.mitre.oval:def:14354
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3541
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14475
 
Oval ID: oval:org.mitre.oval:def:14475
Title: Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
Description: Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3548
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19571
 
Oval ID: oval:org.mitre.oval:def:19571
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3541
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20077
 
Oval ID: oval:org.mitre.oval:def:20077
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3565
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20186
 
Oval ID: oval:org.mitre.oval:def:20186
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3563
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20190
 
Oval ID: oval:org.mitre.oval:def:20190
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3573
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20195
 
Oval ID: oval:org.mitre.oval:def:20195
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
Family: unix Class: vulnerability
Reference(s): CVE-2010-3548
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20205
 
Oval ID: oval:org.mitre.oval:def:20205
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3550
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20242
 
Oval ID: oval:org.mitre.oval:def:20242
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3556
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20270
 
Oval ID: oval:org.mitre.oval:def:20270
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3553
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20272
 
Oval ID: oval:org.mitre.oval:def:20272
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3551
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20301
 
Oval ID: oval:org.mitre.oval:def:20301
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3571
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20306
 
Oval ID: oval:org.mitre.oval:def:20306
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3574
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20336
 
Oval ID: oval:org.mitre.oval:def:20336
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
Family: unix Class: vulnerability
Reference(s): CVE-2010-3557
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20418
 
Oval ID: oval:org.mitre.oval:def:20418
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3559
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20443
 
Oval ID: oval:org.mitre.oval:def:20443
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3569
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20449
 
Oval ID: oval:org.mitre.oval:def:20449
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3552
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20453
 
Oval ID: oval:org.mitre.oval:def:20453
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3566
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20460
 
Oval ID: oval:org.mitre.oval:def:20460
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3549
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20492
 
Oval ID: oval:org.mitre.oval:def:20492
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3562
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20505
 
Oval ID: oval:org.mitre.oval:def:20505
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
Family: unix Class: vulnerability
Reference(s): CVE-2010-3554
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20534
 
Oval ID: oval:org.mitre.oval:def:20534
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3567
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20557
 
Oval ID: oval:org.mitre.oval:def:20557
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3568
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20558
 
Oval ID: oval:org.mitre.oval:def:20558
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
Family: unix Class: vulnerability
Reference(s): CVE-2010-3548
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20574
 
Oval ID: oval:org.mitre.oval:def:20574
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3555
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20578
 
Oval ID: oval:org.mitre.oval:def:20578
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3560
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20588
 
Oval ID: oval:org.mitre.oval:def:20588
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3572
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20591
 
Oval ID: oval:org.mitre.oval:def:20591
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3561
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20648
 
Oval ID: oval:org.mitre.oval:def:20648
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3558
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21498
 
Oval ID: oval:org.mitre.oval:def:21498
Title: RHSA-2011:0152: java-1.4.2-ibm security update (Moderate)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2011:0152-01
CVE-2010-1321
CVE-2010-3574
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21716
 
Oval ID: oval:org.mitre.oval:def:21716
Title: RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2010:0768-01
CESA-2010:0768
CVE-2009-3555
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3554
CVE-2010-3557
CVE-2010-3561
CVE-2010-3562
CVE-2010-3564
CVE-2010-3565
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3573
CVE-2010-3574
Version: 224
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21804
 
Oval ID: oval:org.mitre.oval:def:21804
Title: RHSA-2010:0786: java-1.4.2-ibm security update (Critical)
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2010:0786-01
CVE-2009-3555
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3556
CVE-2010-3557
CVE-2010-3562
CVE-2010-3565
CVE-2010-3568
CVE-2010-3569
CVE-2010-3571
CVE-2010-3572
Version: 185
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21900
 
Oval ID: oval:org.mitre.oval:def:21900
Title: RHSA-2011:0169: java-1.5.0-ibm security and bug fix update (Critical)
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Family: unix Class: patch
Reference(s): RHSA-2011:0169-01
CVE-2010-3553
CVE-2010-3557
CVE-2010-3571
Version: 42
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22124
 
Oval ID: oval:org.mitre.oval:def:22124
Title: RHSA-2010:0770: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2010:0770-01
CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3552
CVE-2010-3553
CVE-2010-3554
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3559
CVE-2010-3560
CVE-2010-3561
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3570
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 380
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22284
 
Oval ID: oval:org.mitre.oval:def:22284
Title: RHSA-2010:0935: java-1.4.2-ibm security update (Moderate)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2010:0935-01
CVE-2010-1321
CVE-2010-3574
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22285
 
Oval ID: oval:org.mitre.oval:def:22285
Title: RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2010:0865-02
CVE-2009-3555
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3554
CVE-2010-3557
CVE-2010-3561
CVE-2010-3562
CVE-2010-3564
CVE-2010-3565
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3573
CVE-2010-3574
Version: 224
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22313
 
Oval ID: oval:org.mitre.oval:def:22313
Title: RHSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2010:0987-01
CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3553
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3560
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3568
CVE-2010-3569
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 302
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22342
 
Oval ID: oval:org.mitre.oval:def:22342
Title: RHSA-2010:0873: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2010:0873-02
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3556
CVE-2010-3559
CVE-2010-3562
CVE-2010-3565
CVE-2010-3566
CVE-2010-3568
CVE-2010-3569
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 211
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22361
 
Oval ID: oval:org.mitre.oval:def:22361
Title: RHSA-2010:0807: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): RHSA-2010:0807-01
CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3556
CVE-2010-3559
CVE-2010-3562
CVE-2010-3565
CVE-2010-3566
CVE-2010-3568
CVE-2010-3569
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 224
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22816
 
Oval ID: oval:org.mitre.oval:def:22816
Title: ELSA-2011:0152: java-1.4.2-ibm security update (Moderate)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2011:0152-01
CVE-2010-1321
CVE-2010-3574
Version: 13
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22873
 
Oval ID: oval:org.mitre.oval:def:22873
Title: ELSA-2010:0807: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0807-01
CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3556
CVE-2010-3559
CVE-2010-3562
CVE-2010-3565
CVE-2010-3566
CVE-2010-3568
CVE-2010-3569
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 73
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22954
 
Oval ID: oval:org.mitre.oval:def:22954
Title: ELSA-2010:0770: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0770-01
CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3552
CVE-2010-3553
CVE-2010-3554
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3559
CVE-2010-3560
CVE-2010-3561
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3570
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 121
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22962
 
Oval ID: oval:org.mitre.oval:def:22962
Title: ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0768-01
CVE-2009-3555
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3554
CVE-2010-3557
CVE-2010-3561
CVE-2010-3562
CVE-2010-3564
CVE-2010-3565
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3573
CVE-2010-3574
Version: 73
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23065
 
Oval ID: oval:org.mitre.oval:def:23065
Title: ELSA-2010:0786: java-1.4.2-ibm security update (Critical)
Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2010:0786-01
CVE-2009-3555
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3556
CVE-2010-3557
CVE-2010-3562
CVE-2010-3565
CVE-2010-3568
CVE-2010-3569
CVE-2010-3571
CVE-2010-3572
Version: 61
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23199
 
Oval ID: oval:org.mitre.oval:def:23199
Title: DEPRECATED: ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0987-01
CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3553
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3560
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3568
CVE-2010-3569
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 98
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23245
 
Oval ID: oval:org.mitre.oval:def:23245
Title: ELSA-2010:0935: java-1.4.2-ibm security update (Moderate)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0935-01
CVE-2010-1321
CVE-2010-3574
Version: 13
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23261
 
Oval ID: oval:org.mitre.oval:def:23261
Title: DEPRECATED: ELSA-2011:0169: java-1.5.0-ibm security and bug fix update (Critical)
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Family: unix Class: patch
Reference(s): ELSA-2011:0169-01
CVE-2010-3553
CVE-2010-3557
CVE-2010-3571
Version: 18
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23448
 
Oval ID: oval:org.mitre.oval:def:23448
Title: ELSA-2011:0169: java-1.5.0-ibm security and bug fix update (Critical)
Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Family: unix Class: patch
Reference(s): ELSA-2011:0169-01
CVE-2010-3553
CVE-2010-3557
CVE-2010-3571
Version: 17
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23453
 
Oval ID: oval:org.mitre.oval:def:23453
Title: ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0987-01
CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3553
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3560
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3568
CVE-2010-3569
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 97
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23563
 
Oval ID: oval:org.mitre.oval:def:23563
Title: ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0865-02
CVE-2009-3555
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3554
CVE-2010-3557
CVE-2010-3561
CVE-2010-3562
CVE-2010-3564
CVE-2010-3565
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3573
CVE-2010-3574
Version: 73
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23606
 
Oval ID: oval:org.mitre.oval:def:23606
Title: ELSA-2010:0873: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Family: unix Class: patch
Reference(s): ELSA-2010:0873-02
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3556
CVE-2010-3559
CVE-2010-3562
CVE-2010-3565
CVE-2010-3566
CVE-2010-3568
CVE-2010-3569
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
Version: 69
Platform(s): Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 321
Application 356
Application 103

SAINT Exploits

Description Link
Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow More info here

ExploitDB Exploits

id Description
2011-01-22 Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit

OpenVAS Exploits

Date Description
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-15 Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201111_02.nasl
2011-08-09 Name : CentOS Update for java CESA-2010:0768 centos5 i386
File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl
2011-01-04 Name : HP-UX Update for Java HPSBUX02608
File : nvt/gb_hp_ux_HPSBUX02608.nasl
2010-12-02 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312
File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl
2010-11-04 Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1
File : nvt/gb_ubuntu_USN_1010_1.nasl
2010-10-28 Name : Oracle Java SE Multiple Vulnerabilities (Windows)
File : nvt/gb_sun_java_se_mult_vuln_oct10_win.nasl
2010-10-22 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240
File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl
2010-10-22 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294
File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl
2010-10-19 Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01
File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70072 Oracle Communications Messaging Server Webmail Kerberos AP-REQ Denial of Service

Oracle Sun Products Suite contains a flaw related to the Oracle Communications Messaging Server component's Kerberos implementation failing to properly check AP-REQ requests. This may allow a remote attacker to cause a denial of service against the receiving JVM.
69059 Oracle Java SE / Java for Business Networking Component HttpURLConnection App...

Oracle Java SE and Java for Business contain a flaw related to the Networking component's HttpURLConnection class's failure to properly validate request headers set by applets. This may allow a remote attacker to trigger otherwise restricted actions.
69058 Oracle Java SE / Java for Business JNDI Internal Network Names Information Di...

Oracle Java SE and Java for Business contain a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an information leak in the JNDI component occurs, which will disclose confidential internal network names to a remote attacker.
69057 Oracle Java SE / Java for Business Networking Component HttpURLConnection chu...

Oracle Java SE and Java for Business contains a flaw related to the Networking component's HttpURLConnection class's failure to properly handle the 'chunked' transfer encoding method. This may allow a remote attacker to conduct HTTP request splitting attacks.
69056 Oracle Java SE / Java for Business Web Start Component Unspecified Issue (201...

Oracle Java SE and Java for Business contain an unspecified flaw related to the Web Start component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided.
69055 Oracle Java SE / Java for Business Networking Component Network Address Infor...

Oracle Java SE and Java for Business contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered whentThe NetworkInterface class fails to properly check the network 'connect' permissions for local network addresses, which will disclose local network addresses to a remote attacker.
69053 Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3553)

Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided.
69052 Oracle Java SE / Java for Business CORBA Component Remote Code Execution

Oracle Java SE and Java for Business contain an unspecified flaw related to the CORBA component. This may allow a remote attacker to execute arbitrary code by misusing permissions granted to certain system objects. No further details have been provided
69051 Oracle Java SE / Java for Business ActiveX Plugin Uninitialized Window Handle...

Oracle Java SE and Java for Business contain a flaw related to the ActiveX Plugin. The plugin does not properly initialize objects. When the plugin is in a particular state, the application will fail to properly initialize a window handle field. This may be exploited by a remote attacker to allow the execution of arbitrary code.
69050 Oracle Java SE / Java for Business 2D Component Unspecified Issue (2010-3556)

Oracle Java SE and Java for Business contain an unspecified flaw related to the 2D component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided.
69049 Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3557)

Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. This is related to the modification of the behavior and state of certain JDK classes. No further details have been provided.
69048 Oracle Java SE / Java for Business Web Start Component Unspecified Issue (201...

Oracle Java SE and Java for Business contain an unspecified flaw related to the Web Start component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided.
69047 Oracle Java SE / Java for Business HeadspaceSoundbank.nGetName BANK Record Si...

A memory corruption flaw exists in Oracle Java SE and Java for Business. The 'HeadspaceSoundbank.nGetName' function fails to sanitize user-supplied input when parsing BANK records in SoundBank files, resulting in memory corruption. With a specially crafted BANK record, a context-dependent attacker can execute arbitrary code.
69046 Oracle Java SE / Java for Business Networking Component Unspecified Informati...

Oracle Java SE and Java for Business contain an unspecified flaw related to the Networking component. This may allow disclose certain unspecified information to a remote attacker. No further details have been provided.
69045 Oracle Java SE / Java for Business CORBA Component ServerSocket Network Permi...

Oracle Java SE and Java for Business contain a flaw related to the CORBA Component's ServerSocket class's privileged accept method allowing it to receive connections from any host. This may allow a remote attacker to bypass network permission restrictions.
69044 Oracle Java SE / Java for Business 2D Component IndexColorModel Double-free E...

Oracle Java SE and Java for Business contain a flaw related to the 2D Component. IndexColorModel suffers from a double free error when running an untrusted applet or application, which may allow a remote attacker to potentially execute arbitrary code.
69043 Oracle Java SE / Java for Business Web Start BasicServiceImpl Class Arbitrary...

Oracle Java SE and Java for Business contain a flaw related to the 'com.sun.jnlp.BasicServiceImpl' class. The issue is triggered when a remote attacker exploits Web Start's retrieval of security policies. This may allow an attacker to execute arbitrary code.
69042 Oracle Java SE / Java for Business JRE JPEGImageWriter.writeImage Overflow

Oracle Java SE and Java for Business are prone to an overflow condition. The JPEGImageWriter.writeImage in the imageio API in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted JPEG image file, a context-dependent attacker can potentially execute arbitrary code.
69041 Oracle Java SE / Java for Business JRE ICC Profile devs Tag Structure Overflow

Oracle Java SE and Java for Business are prone to an overflow condition. The color profile parser in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted 'devs' tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code.
69040 Oracle Java SE / Java for Business 2D Component ICU Opentype out-of-bounds Re...

Oracle Java SE and Java for Business contains a flaw related to the 2D component. The issue is triggered when a crash in ICU Opentype layout engine is caused by a miscalculation in character counts for right-to-left text causing out-of-bounds memory access. This may allow a remote attacker to execute arbitrary code.
69039 Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3568)

Oracle Java SE and Java for Business contain an unspecified flaw related to the JRE component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided.
69038 Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3569)

Oracle Java SE and Java for Business contain a flaw related to the JRE component. The 'defaultReadObject' method of the Serialization API. can be tricked into setting a volatile field repeatedly. This may allow a remote attacker to execute arbitrary code.
69037 Oracle Java SE / Java for Business Deployment Toolkit Component Unspecified I...

Oracle Java SE and Java for Business contain an unspecified flaw related to the Deployment Toolkit component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided.
69036 Oracle Java SE / Java for Business ICC Profile Unicode Description Tag Struc...

Oracle Java SE and Java for Business is prone to an overflow condition. The color profile parser fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted Tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code.
69035 Oracle Java SE / Java for Business Sound Component Unspecified Issue (2010-3...

Oracle Java SE and Java for Business contain a flaw related to the Sound component that may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided.
69034 Oracle Java SE / Java for Business java.net.URLConnection Same-of-origin Poli...

Oracle Java SE and Java for Business contain a flaw related to the 'HttpURLConnection' class in the Networking component's failure to properly validate applet request headers. This may allow a remote attacker to trigger actions which are normally restricted to HTTP clients.
69033 Oracle Java SE / Java for Business Networking Component HttpURLConnection all...

Oracle Java SE and Java for Business contain a flaw related to the 'Networking' component. The 'HttpURLConnection' class fails to properly check if the calling code had the 'allowHttpTrace' permission, allowing the creation of HTTP TRACE requests by untrusted code.
68873 Oracle Java New Plugin docbase Parameter Overflow

Java is prone to an overflow condition. The new plugin component fails to properly sanitize user-supplied input resulting in a stack buffer overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-12-01 IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java browser plugin docbase overflow attempt
RuleID : 20444 - Revision : 7 - Type : FILE-JAVA
2014-01-10 Oracle Java Web Start BasicServiceImpl security policy bypass attempt
RuleID : 20430 - Revision : 7 - Type : FILE-JAVA
2014-01-10 Oracle Java browser plugin docbase overflow attempt
RuleID : 18245 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Oracle Java browser plugin docbase overflow attempt
RuleID : 18244 - Revision : 14 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO
2011-10-28 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12683.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12682.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO
2011-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12669.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0169.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO
2011-01-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0152.nasl - Type : ACT_GATHER_INFO
2010-12-17 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12658.nasl - Type : ACT_GATHER_INFO
2010-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0935.nasl - Type : ACT_GATHER_INFO
2010-12-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12659.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0873.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO
2010-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO
2010-10-15 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO