Executive Summary
| Summary | |
|---|---|
| Title | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | HPSBUX02760 SSRT100805 | First vendor Publication | 2012-04-02 |
| Vendor | HP | Last vendor Modification | 2012-04-02 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03266681 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-326 | Inadequate Encryption Strength |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13662 | |||
| Oval ID: | oval:org.mitre.oval:def:13662 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3521 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13885 | |||
| Oval ID: | oval:org.mitre.oval:def:13885 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3549 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13976 | |||
| Oval ID: | oval:org.mitre.oval:def:13976 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0505 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14082 | |||
| Oval ID: | oval:org.mitre.oval:def:14082 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0506 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14180 | |||
| Oval ID: | oval:org.mitre.oval:def:14180 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3545 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14316 | |||
| Oval ID: | oval:org.mitre.oval:def:14316 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3556 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14339 | |||
| Oval ID: | oval:org.mitre.oval:def:14339 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3547 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14373 | |||
| Oval ID: | oval:org.mitre.oval:def:14373 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3557 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14394 | |||
| Oval ID: | oval:org.mitre.oval:def:14394 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3560 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14465 | |||
| Oval ID: | oval:org.mitre.oval:def:14465 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3552 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14492 | |||
| Oval ID: | oval:org.mitre.oval:def:14492 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3548 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14524 | |||
| Oval ID: | oval:org.mitre.oval:def:14524 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3554 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14752 | |||
| Oval ID: | oval:org.mitre.oval:def:14752 | ||
| Title: | SSL and TLS Protocols Vulnerability | ||
| Description: | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3389 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14813 | |||
| Oval ID: | oval:org.mitre.oval:def:14813 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0503 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14878 | |||
| Oval ID: | oval:org.mitre.oval:def:14878 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0499 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14900 | |||
| Oval ID: | oval:org.mitre.oval:def:14900 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0502 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14942 | |||
| Oval ID: | oval:org.mitre.oval:def:14942 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3563 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15069 | |||
| Oval ID: | oval:org.mitre.oval:def:15069 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0501 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15075 | |||
| Oval ID: | oval:org.mitre.oval:def:15075 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0498 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15241 | |||
| Oval ID: | oval:org.mitre.oval:def:15241 | ||
| Title: | DSA-2368-1 lighttpd -- multiple | ||
| Description: | Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions. CVE-2011-3389 When using CBC ciphers on an SSL enabled virtual host to communicate with certain client, a so called "BEAST" attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers. This updates includes this option by default. System administrators are advised to read the NEWS file of this update. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2368-1 CVE-2011-4362 CVE-2011-3389 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | lighttpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15259 | |||
| Oval ID: | oval:org.mitre.oval:def:15259 | ||
| Title: | DSA-2420-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. CVE-2011-3377 The Iced Tea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. CVE-2011-3563 The Java Sound component did not properly check for array boundaries. A malicious input or an untrusted Java application or applet could use this flaw to cause Java Virtual Machine to crash or disclose portion of its memory. CVE-2011-5035 The OpenJDK embedded web server did not guard against an excessive number of a request parameters, leading to a denial of service vulnerability involving hash collisions. CVE-2012-0497 It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. This could lead to JVM crash or Java sandbox bypass. CVE-2012-0501 The ZIP central directory parser used by java.util.zip.ZipFile entered an infinite recursion in native code when processing a crafted ZIP file, leading to a denial of service. CVE-2012-0502 A flaw was found in the AWT KeyboardFocusManager class that could allow untrusted Java applets to acquire keyboard focus and possibly steal sensitive information. CVE-2012-0503 The java.util.TimeZone.setDefault method lacked a security manager invocation, allowing an untrusted Java application or applet to set a new default time zone. CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications. CVE-2012-0506 It was discovered that CORBA implementation in Java did not properly protect repository identifiers on certain Corba objects. This could have been used to perform modification of the data that should have been immutable. CVE-2012-0507 The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine to crash or bypass Java sandbox restrictions | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2420-1 CVE-2011-3377 CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15281 | |||
| Oval ID: | oval:org.mitre.oval:def:15281 | ||
| Title: | DSA-2356-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform: CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2356-1 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15374 | |||
| Oval ID: | oval:org.mitre.oval:def:15374 | ||
| Title: | DSA-2358-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2358-1 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15473 | |||
| Oval ID: | oval:org.mitre.oval:def:15473 | ||
| Title: | USN-1373-2 -- OpenJDK 6 (ARM) vulnerabilities | ||
| Description: | openjdk-6b18: Open Source Java implementation Details: USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM . This provides the corresponding OpenJDK 6 update for use with the ARM architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Original advisory Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have been fixed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1373-2 CVE-2011-5035 CVE-2011-3563 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | OpenJDK |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19445 | |||
| Oval ID: | oval:org.mitre.oval:def:19445 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0502 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19527 | |||
| Oval ID: | oval:org.mitre.oval:def:19527 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0506 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19599 | |||
| Oval ID: | oval:org.mitre.oval:def:19599 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0501 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19644 | |||
| Oval ID: | oval:org.mitre.oval:def:19644 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0503 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19800 | |||
| Oval ID: | oval:org.mitre.oval:def:19800 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0499 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19808 | |||
| Oval ID: | oval:org.mitre.oval:def:19808 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0498 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19813 | |||
| Oval ID: | oval:org.mitre.oval:def:19813 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-3563 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19829 | |||
| Oval ID: | oval:org.mitre.oval:def:19829 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0505 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19848 | |||
| Oval ID: | oval:org.mitre.oval:def:19848 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0507 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20754 | |||
| Oval ID: | oval:org.mitre.oval:def:20754 | ||
| Title: | RHSA-2012:0322: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0322-01 CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21340 | |||
| Oval ID: | oval:org.mitre.oval:def:21340 | ||
| Title: | RHSA-2012:0135: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0135-01 CESA-2012:0135 CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21410 | |||
| Oval ID: | oval:org.mitre.oval:def:21410 | ||
| Title: | RHSA-2012:0139: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0139-01 CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 159 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23077 | |||
| Oval ID: | oval:org.mitre.oval:def:23077 | ||
| Title: | ELSA-2012:0006: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0006-01 CVE-2011-3389 CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 37 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23287 | |||
| Oval ID: | oval:org.mitre.oval:def:23287 | ||
| Title: | ELSA-2012:0322: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0322-01 CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 45 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23323 | |||
| Oval ID: | oval:org.mitre.oval:def:23323 | ||
| Title: | ELSA-2012:0514: java-1.6.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0514-03 CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 53 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23638 | |||
| Oval ID: | oval:org.mitre.oval:def:23638 | ||
| Title: | ELSA-2012:0139: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0139-01 CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 53 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23720 | |||
| Oval ID: | oval:org.mitre.oval:def:23720 | ||
| Title: | ELSA-2012:0135: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0135-01 CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 45 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23749 | |||
| Oval ID: | oval:org.mitre.oval:def:23749 | ||
| Title: | ELSA-2012:0508: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0508-03 CVE-2011-3389 CVE-2011-3557 CVE-2011-3560 CVE-2011-3563 CVE-2012-0498 CVE-2012-0499 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 | Version: | 53 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27767 | |||
| Oval ID: | oval:org.mitre.oval:def:27767 | ||
| Title: | DEPRECATED: ELSA-2012-0322 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1.6.0.0-1.25.1.10.6.0.1.el5_8] - Add oracle-enterprise.patch [1:1.6.0.0-1.25.1.10.6] - Updated to IcedTea6 1.10.6 - Resolves: rhbz#787142 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception throwing mechanism in ObjectStreamClass - S7110704: Issues with some method in corba - S7112642: Incorrect checking for graphics rendering object - S7118283: Better input parameter checking in zip file processing - S7126960: Add property to limit number of request headers to the HTTP Server - Bug fixes - RH580478: Desktop files should not use hardcoded path - Removed and deleted upstreamed patch7 - name-rmi-fix.patch - Removed and deleted upstreamed Hugepages patches: - Source100: 7034464-hugepage.patch - Source101: 7037939-hugepage.patch - Source102: 7043564-hugepage.patch | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0322 CVE-2011-3563 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2011-3571 CVE-2011-5035 CVE-2012-0507 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27922 | |||
| Oval ID: | oval:org.mitre.oval:def:27922 | ||
| Title: | DEPRECATED: ELSA-2012-0135 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.43.1.10.6] - Updated to IcedTea6 1.10.6 - Resolves: rhbz#787144 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception throwing mechanism in ObjectStreamClass - S7110704: Issues with some method in corba - S7112642: Incorrect checking for graphics rendering object - S7118283: Better input parameter checking in zip file processing - S7126960: Add property to limit number of request headers to the HTTP Server - Bug fixes - RH580478: Desktop files should not use hardcoded path - Removed upstreamed patch7 - java-1.6.0-openjdk-6_2-Z-rmi-fix.patch | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0135 CVE-2011-3563 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2011-3571 CVE-2011-5035 CVE-2012-0507 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28104 | |||
| Oval ID: | oval:org.mitre.oval:def:28104 | ||
| Title: | DEPRECATED: ELSA-2011-1380 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.40.1.9.10] - Resolves: rhbz#744788 - Bumped to IcedTea6 1.9.8 -removed font copying Security fixes - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: JSSE - S7070134, CVE-2011-3558: Hotspot unspecified issue - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection NetX - PR794: javaws does not work if a Web Start app jar has a Class-Path element in the manifest | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1380 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Java SE AtomicReferenceArray Unsafe Security Bypass | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2012-03-30 | Java AtomicReferenceArray Type Violation Vulnerability |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-10-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
| 2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
| 2012-09-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127 File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl |
| 2012-09-04 | Name : Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail) File : nvt/gb_mandriva_MDVSA_2012_149.nasl |
| 2012-09-04 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138 File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl |
| 2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
| 2012-08-30 | Name : Fedora Update for python-docs FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python3 FEDORA-2012-5785 File : nvt/gb_fedora_2012_5785_python3_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-2595 File : nvt/gb_fedora_2012_2595_java-1.7.0-openjdk_fc17.nasl |
| 2012-08-30 | Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail16.nasl |
| 2012-08-22 | Name : Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows) File : nvt/gb_oracle_java_se_code_exec_vuln_win.nasl |
| 2012-08-03 | Name : Mandriva Update for curl MDVSA-2012:058 (curl) File : nvt/gb_mandriva_MDVSA_2012_058.nasl |
| 2012-08-02 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0309-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0309_1.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos5 File : nvt/gb_CESA-2012_1089_thunderbird_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos6 File : nvt/gb_CESA-2012_1089_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos6 File : nvt/gb_CESA-2012_1088_firefox_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos5 File : nvt/gb_CESA-2012_1088_firefox_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0135 centos6 File : nvt/gb_CESA-2012_0135_java_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:1380 centos5 x86_64 File : nvt/gb_CESA-2011_1380_java_centos5_x86_64.nasl |
| 2012-07-19 | Name : RedHat Update for firefox RHSA-2012:1088-01 File : nvt/gb_RHSA-2012_1088-01_firefox.nasl |
| 2012-07-19 | Name : RedHat Update for thunderbird RHSA-2012:1089-01 File : nvt/gb_RHSA-2012_1089-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0135-01 File : nvt/gb_RHSA-2012_0135-01_java-1.6.0-openjdk.nasl |
| 2012-06-22 | Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl |
| 2012-06-22 | Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl |
| 2012-06-22 | Name : Fedora Update for python3 FEDORA-2012-9135 File : nvt/gb_fedora_2012_9135_python3_fc16.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545 File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593 File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl |
| 2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
| 2012-05-08 | Name : Fedora Update for python-docs FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl |
| 2012-05-08 | Name : Fedora Update for python FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python_fc16.nasl |
| 2012-05-04 | Name : Fedora Update for python3 FEDORA-2012-5916 File : nvt/gb_fedora_2012_5916_python3_fc15.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2398-2 (curl) File : nvt/deb_2398_2.nasl |
| 2012-04-09 | Name : Java Runtime Environment Multiple Vulnerabilities (MAC OS X) File : nvt/gb_jre_mult_vuln_macosx.nasl |
| 2012-04-06 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Linux) File : nvt/gb_opera_extented_validation_info_disc_vuln_lin.nasl |
| 2012-04-02 | Name : Fedora Update for nss-util FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-util_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird-lightning_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for xulrunner FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_xulrunner_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711 File : nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-15020 File : nvt/gb_fedora_2011_15020_java-1.6.0-openjdk_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for nss-softokn FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-softokn_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for firefox FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_firefox_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690 File : nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for nss FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2011-15555 File : nvt/gb_fedora_2011_15555_java-1.7.0-openjdk_fc16.nasl |
| 2012-03-12 | Name : Debian Security Advisory DSA 2420-1 (openjdk-6) File : nvt/deb_2420_1.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-02 (cURL) File : nvt/glsa_201203_02.nasl |
| 2012-03-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721 File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl |
| 2012-03-09 | Name : Ubuntu Update for openjdk-6 USN-1373-1 File : nvt/gb_ubuntu_USN_1373_1.nasl |
| 2012-03-07 | Name : Ubuntu Update for openjdk-6b18 USN-1373-2 File : nvt/gb_ubuntu_USN_1373_2.nasl |
| 2012-02-27 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0322-01 File : nvt/gb_RHSA-2012_0322-01_java-1.6.0-openjdk.nasl |
| 2012-02-21 | Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 01) File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_01.nasl |
| 2012-02-21 | Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 03) File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl |
| 2012-02-21 | Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 01) File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl |
| 2012-02-21 | Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 03) File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_03.nasl |
| 2012-02-21 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:021 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_021.nasl |
| 2012-02-12 | Name : Debian Security Advisory DSA 2398-1 (curl) File : nvt/deb_2398_1.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2358-1 (openjdk-6) File : nvt/deb_2358_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2356-1 (openjdk-6) File : nvt/deb_2356_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2368-1 (lighttpd) File : nvt/deb_2368_1.nasl |
| 2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
| 2012-01-25 | Name : Ubuntu Update for openjdk-6 USN-1263-2 File : nvt/gb_ubuntu_USN_1263_2.nasl |
| 2012-01-23 | Name : Fedora Update for xulrunner FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_xulrunner_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for thunderbird FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird-lightning_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_perl-Gtk2-MozEmbed_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss-util FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-util_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss-softokn FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-softokn_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nspr FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nspr_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_gnome-python2-extras_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for firefox FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_firefox_fc15.nasl |
| 2012-01-11 | Name : Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584) File : nvt/secpod_ms12-006.nasl |
| 2011-11-18 | Name : Ubuntu Update for icedtea-web USN-1263-1 File : nvt/gb_ubuntu_USN_1263_1.nasl |
| 2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl |
| 2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl |
| 2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl |
| 2011-11-14 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_170.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
| 2011-10-21 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01 File : nvt/gb_RHSA-2011_1380-01_java-1.6.0-openjdk.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648 File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl |
| 2011-10-21 | Name : CentOS Update for java CESA-2011:1380 centos5 i386 File : nvt/gb_CESA-2011_1380_java_centos5_i386.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Windows) File : nvt/gb_opera_extented_validation_info_disc_vuln_win.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X) File : nvt/gb_opera_extented_validation_info_disc_vuln_macosx.nasl |
| 0000-00-00 | Name : FreeBSD Ports: opera, linux-opera File : nvt/freebsd_opera25.nasl |
| 0000-00-00 | Name : Java for Mac OS X 10.6 Update 6 And 10.7 Update 1 File : nvt/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 76511 | Oracle Java SE JRE Networking Component Unspecified Remote Information Disclo... Oracle Java SE contains a flaw related to the Networking sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
| 76507 | Oracle Java SE JRE JSSE Component Unspecified Remote Issue Oracle Java SE contains a flaw related to the JSSE sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information and manipulate unspecified data. No further details have been provided. |
| 76506 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3557) Oracle Java SE contains a flaw related to the RMI sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76505 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3556) Oracle Java SE contains a flaw related to the RMI sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76501 | Oracle Java SE JRE Swing Component Unspecified Remote Issue Oracle Java SE contains a flaw related to the Swing sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76499 | Oracle Java SE JRE jsound.dll MixerSequencer.nAddControllerEventCallback Func... |
| 76498 | Oracle Java SE JRE Component Unspecified Remote Issue (2011-3554) Oracle Java SE contains a flaw related to the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76497 | Oracle Java SE JRE Networking Component java.net.Socket API UDP Socket Satura... |
| 76496 | Oracle Java SE JRE IIOP Deserialization Applet Handling Remote Code Execution |
| 76495 | Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3548) Oracle Java SE contains a flaw related to the AWT sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 74829 | SSL Chained Initialization Vector CBC Mode MiTM Weakness |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-02-27 | IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
| 2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
| 2012-09-13 | IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1 Severity : Category I - VMSKEY : V0033793 |
| 2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
| 2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2012-03-29 | IAVM : 2012-A-0048 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.0 Severity : Category I - VMSKEY : V0031901 |
| 2012-01-13 | IAVM : 2012-B-0006 - Microsoft SSL/TLS Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0031054 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit eot outbound connection RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page request RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound jar request RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound connection attempt RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit jar outbound connection RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit fonts download page RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT |
| 2018-06-15 | Goon/Infinity exploit kit payload download attempt RuleID : 28795-community - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Goon/Infinity exploit kit payload download attempt RuleID : 28795 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit outbound pdf request RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit malicious redirection attempt RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page with payload RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer toolkit injected iframe detected - specific structure RuleID : 27271 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27072 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27071 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Goon/Infinity/Redkit exploit kit short jar request RuleID : 26808 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26807 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit short JNLP request RuleID : 26806 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit encrypted binary download RuleID : 26805 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26653 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 26508 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit jar file downloaded RuleID : 26434 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26384 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26383 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26377 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26351 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | TDS redirection - may lead to exploit kit RuleID : 26350 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit obfuscated portable executable RuleID : 26349 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit delivery RuleID : 26348 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26347 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit payload requested RuleID : 26346 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26345 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26344 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page RuleID : 26343 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page - specific structure RuleID : 26342 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page RuleID : 26341 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval - ff.php RuleID : 26339 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | IFRAMEr injection detection - leads to exploit kit RuleID : 26338 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 26337 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit redirection page RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 26227 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit iframe redirection attempt RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 25989 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 25988 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit three number PDF Request RuleID : 25972 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit redirection RuleID : 25971 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit 32-alpha jar request RuleID : 25798 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25611 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page RuleID : 25569 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 25568 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple Exploit Kit Payload detection - setup.exe RuleID : 25526 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25388 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - readme.exe RuleID : 25387 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - about.exe RuleID : 25386 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - calc.exe RuleID : 25385 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - contacts.exe RuleID : 25384 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.exe RuleID : 25383 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit malicious jar file dropped RuleID : 25382 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page detected RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit redirection attempt RuleID : 25255 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit portable executable download request RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit eot outbound connection RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit pdf outbound connection RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit jar outbound connection RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx Exploit Kit outbound connection RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit outbound class retrieval RuleID : 25053 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit Java Exploit requested - 3 digit RuleID : 25052 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 25051 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit requesting payload RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit url structure detected RuleID : 25043 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Runtime true type font idef opcode heap buffer overflow attempt RuleID : 24915 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit outbound request RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit outbound request RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page - Title RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Runtime true type font idef opcode heap buffer overflow attempt RuleID : 24701 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 24638 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24637 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24636 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24608 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page received - specific structure RuleID : 24593 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24548 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24547 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24546 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole admin page outbound access attempt RuleID : 24544 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole admin page inbound access attempt RuleID : 24543 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit fallback executable download RuleID : 24501 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole - Cookie Set RuleID : 24475 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page Received RuleID : 24228 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 - URI Structure RuleID : 24227 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page received RuleID : 24226 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole possible email Landing to 8 chr folder RuleID : 24171 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24054 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24053 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - fewbgazr catch RuleID : 23962 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - hwehes RuleID : 23850 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection attempt RuleID : 23849 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection attempt RuleID : 23848 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection page RuleID : 23797 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.round catch RuleID : 23786 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.floor catch RuleID : 23785 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 23781 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page request - tkr RuleID : 23622 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch ... RuleID : 23619 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Zip file directory record overflow attempt RuleID : 23560 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt RuleID : 23490 - Revision : 8 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Oracle Java Zip file directory record overflow attempt RuleID : 23243 - Revision : 13 - Type : FILE-JAVA |
| 2014-01-10 | Redkit exploit kit landing page Received - applet and flowbit RuleID : 23225 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page Requested - 8Digit.html RuleID : 23224 - Revision : 13 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page Received - applet and code RuleID : 23223 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page Received - applet and 5 digit jar attempt RuleID : 23222 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit Jar File Naming Algorithm RuleID : 23221 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit Java Exploit Requested - 5 digit jar RuleID : 23220 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit Java Exploit request to .class file RuleID : 23219 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit Repeated Exploit Request Pattern RuleID : 23218 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 23159 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 23158 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear Pack exploit kit binary download RuleID : 23157 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear Pack exploit kit landing page RuleID : 23156 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection attempt RuleID : 22949 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole Exploit Kit javascript service method RuleID : 22088 - Revision : 12 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole landing redirection page RuleID : 22041 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole suspected landing page RuleID : 22040 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole suspected landing page RuleID : 22039 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit landing page with specific structure - Loading RuleID : 21876 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Possible exploit kit post compromise activity - taskkill RuleID : 21875 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Possible exploit kit post compromise activity - StrReverse RuleID : 21874 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Java JRE sandbox breach attempt RuleID : 21869 - Revision : 8 - Type : FILE-OTHER |
| 2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
| 2014-01-10 | Oracle Java JRE sandbox Atomic breach attempt RuleID : 21667 - Revision : 11 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE sandbox Atomic breach attempt RuleID : 21666 - Revision : 11 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE sandbox Atomic breach attempt RuleID : 21665 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE sandbox Atomic breach attempt RuleID : 21664 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - catch RuleID : 21661 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page Requested - /Index/index.php RuleID : 21660 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page Requested - /Home/index.php RuleID : 21659 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 21658 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 21657 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646-community - Revision : 16 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646 - Revision : 16 - Type : EXPLOIT-KIT |
| 2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - BBB RuleID : 21581 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific header RuleID : 21549 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific header RuleID : 21539 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492-community - Revision : 22 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492 - Revision : 22 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438-community - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit URL - search.php?page= RuleID : 21348 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit URL - .php?page= RuleID : 21347 - Revision : 12 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit malicious jar download RuleID : 21346 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit malicious jar request RuleID : 21345 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit pdf download RuleID : 21344 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit pdf request RuleID : 21343 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit response RuleID : 21259 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit control panel access RuleID : 21141 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 21045 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 21044 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit post-compromise download attempt - .php?e= RuleID : 21043 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit post-compromise download attempt - .php?f= RuleID : 21042 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit URL - main.php?page= RuleID : 21041 - Revision : 12 - Type : EXPLOIT-KIT |
| 2014-01-10 | SSL CBC encryption mode weakness brute force attempt RuleID : 20212 - Revision : 11 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-12 | Name : A telephony application running on the remote host is affected by multiple vu... File : asterisk_ast_2016_003.nasl - Type : ACT_GATHER_INFO |
| 2016-02-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_559f3d1bcb1d11e580a4001999f8d30b.nasl - Type : ACT_GATHER_INFO |
| 2016-01-25 | Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-154.nasl - Type : ACT_GATHER_INFO |
| 2015-01-27 | Name : The remote web server is affected by an information disclosure vulnerability. File : oracle_http_server_cpu_jan_2015_ldap.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_fetchmail_20121016.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1080.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
| 2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_apr_2012.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-100.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-136.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-openjdk-120222.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO |
| 2014-02-07 | Name : The remote mail server is affected by an information disclosure vulnerability. File : kerio_connect_810.nasl - Type : ACT_GATHER_INFO |
| 2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
| 2013-10-23 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_9.nasl - Type : ACT_GATHER_INFO |
| 2013-10-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-10.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-43.nasl - Type : ACT_GATHER_INFO |
| 2013-07-23 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0135.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0322.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-037.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2012_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-120529.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-120427.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0702.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-149.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_18ce9a90f26911e1be53080027ef73ec.nasl - Type : ACT_GATHER_INFO |
| 2012-08-03 | Name : The remote host has an application installed that is affected by multiple vul... File : macosx_xcode_4_4.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111018_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111019_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120214_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120216_java_1_6_0_sun_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO |
| 2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO |
| 2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8151.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO |
| 2012-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO |
| 2012-05-02 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0514.nasl - Type : ACT_GATHER_INFO |
| 2012-04-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0508.nasl - Type : ACT_GATHER_INFO |
| 2012-04-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-058.nasl - Type : ACT_GATHER_INFO |
| 2012-04-16 | Name : It may be possible to obtain sensitive information from the remote host with ... File : ssl3_tls1_iv_impl_info_disclosure.nasl - Type : ACT_GATHER_INFO |
| 2012-04-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update7.nasl - Type : ACT_GATHER_INFO |
| 2012-04-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_7_2012-001.nasl - Type : ACT_GATHER_INFO |
| 2012-03-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO |
| 2012-03-09 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2012-0003.nasl - Type : ACT_GATHER_INFO |
| 2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-02.nasl - Type : ACT_GATHER_INFO |
| 2012-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1373-2.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2420.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2595.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-120223.nasl - Type : ACT_GATHER_INFO |
| 2012-02-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-120220.nasl - Type : ACT_GATHER_INFO |
| 2012-02-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1373-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-120105.nasl - Type : ACT_GATHER_INFO |
| 2012-02-22 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1721.nasl - Type : ACT_GATHER_INFO |
| 2012-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0322.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1711.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-021.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0139.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0135.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1690.nasl - Type : ACT_GATHER_INFO |
| 2012-02-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2012.nasl - Type : ACT_GATHER_INFO |
| 2012-02-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0135.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
| 2012-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2398.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7908.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-2.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7926.nasl - Type : ACT_GATHER_INFO |
| 2012-01-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17399.nasl - Type : ACT_GATHER_INFO |
| 2012-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0034.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2358.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2368.nasl - Type : ACT_GATHER_INFO |
| 2012-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0006.nasl - Type : ACT_GATHER_INFO |
| 2012-01-10 | Name : It may be possibe to obtain sensitive information from the remote Windows hos... File : smb_nt_ms12-006.nasl - Type : ACT_GATHER_INFO |
| 2011-12-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17400.nasl - Type : ACT_GATHER_INFO |
| 2011-12-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7862.nasl - Type : ACT_GATHER_INFO |
| 2011-12-07 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1160.nasl - Type : ACT_GATHER_INFO |
| 2011-12-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2356.nasl - Type : ACT_GATHER_INFO |
| 2011-11-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1478.nasl - Type : ACT_GATHER_INFO |
| 2011-11-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15555.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-170.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_6_update6.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_7_update1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15020.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1384.nasl - Type : ACT_GATHER_INFO |
| 2011-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2011-09-01 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1151.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-02-29 21:29:52 |
|
| 2016-02-24 09:28:59 |
|
