Executive Summary
Summary | |
---|---|
Title | java-1.5.0-sun security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1571 | First vendor Publication | 2009-11-10 |
Vendor | RedHat | Last vendor Modification | 2009-11-10 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the "Advance notification of Security Updates for Java SE" page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884) Note: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. The next update will remove the java-1.5.0-sun packages. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Extras and Supplementary channels on the Red Hat Network. For users of applications that are capable of using the Java 6 runtime, the OpenJDK open source JDK is included in Red Hat Enterprise Linux 5 (since 5.3) and is supported by Red Hat. Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) 530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) 530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 530098 - CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533) 530173 - CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650) 530175 - CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138) 530296 - CVE-2009-3880 OpenJDK UI logging information leakage(6664512) 530297 - CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057) 530300 - CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1571.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-200 | Information Exposure |
22 % | CWE-399 | Resource Management Errors |
11 % | CWE-310 | Cryptographic Issues |
11 % | CWE-264 | Permissions, Privileges, and Access Controls |
11 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10191 | |||
Oval ID: | oval:org.mitre.oval:def:10191 | ||
Title: | Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PLF) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | ||
Description: | Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3883 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10328 | |||
Oval ID: | oval:org.mitre.oval:def:10328 | ||
Title: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3876 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10469 | |||
Oval ID: | oval:org.mitre.oval:def:10469 | ||
Title: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3877 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10520 | |||
Oval ID: | oval:org.mitre.oval:def:10520 | ||
Title: | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. | ||
Description: | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3728 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10761 | |||
Oval ID: | oval:org.mitre.oval:def:10761 | ||
Title: | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | ||
Description: | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3880 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11484 | |||
Oval ID: | oval:org.mitre.oval:def:11484 | ||
Title: | Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | ||
Description: | Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3881 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11686 | |||
Oval ID: | oval:org.mitre.oval:def:11686 | ||
Title: | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | ||
Description: | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3884 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13409 | |||
Oval ID: | oval:org.mitre.oval:def:13409 | ||
Title: | USN-830-1 -- openssl vulnerability | ||
Description: | Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-830-1 CVE-2009-2409 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13737 | |||
Oval ID: | oval:org.mitre.oval:def:13737 | ||
Title: | DSA-1874-1 nss -- several | ||
Description: | Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. The old stable distribution doesn’t contain nss. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution, these problems have been fixed in version 3.12.3.1-1. We recommend that you upgrade your nss packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1874-1 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13780 | |||
Oval ID: | oval:org.mitre.oval:def:13780 | ||
Title: | USN-810-2 -- nspr update | ||
Description: | USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site | ||
Family: | unix | Class: | patch |
Reference(s): | USN-810-2 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | nspr |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13850 | |||
Oval ID: | oval:org.mitre.oval:def:13850 | ||
Title: | USN-810-1 -- nss vulnerabilities | ||
Description: | Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site | ||
Family: | unix | Class: | patch |
Reference(s): | USN-810-1 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13907 | |||
Oval ID: | oval:org.mitre.oval:def:13907 | ||
Title: | USN-859-1 -- openjdk-6 vulnerabilities | ||
Description: | Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. It was discovered that ICC profiles could be identified with ".." pathnames. If a user were tricked into running a specially crafted applet, a remote attacker could gain information about a local system. Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. If a user were tricked into running a specially crafted applet, a remote attacker could crash the application or run arbitrary code with user privileges. Multiple flaws were discovered in JPEG and BMP image handling. If a user were tricked into loading a specially crafted image, a remote attacker could crash the application or run arbitrary code with user privileges. Coda Hale discovered that HMAC-based signatures were not correctly validated. Remote attackers could bypass certain forms of authentication, granting unexpected access. Multiple flaws were discovered in ASN.1 parsing. A remote attacker could send a specially crafted HTTP stream that would exhaust system memory and lead to a denial of service. It was discovered that the graphics configuration subsystem did not correctly handle arrays. If a user were tricked into running a specially crafted applet, a remote attacker could exploit this to crash the application or execute arbitrary code with user privileges. It was discovered that loggers and Swing did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. It was discovered that the ClassLoader did not correctly handle certain options. If a user were tricked into running a specially crafted applet, a remote attacker could execute arbitrary code with user privileges. It was discovered that time zone file loading could be used to determine the existence of files on the local system. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy | ||
Family: | unix | Class: | patch |
Reference(s): | USN-859-1 CVE-2009-2409 CVE-2009-3728 CVE-2009-3869 CVE-2009-3871 CVE-2009-3873 CVE-2009-3874 CVE-2009-3885 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3882 CVE-2009-3883 CVE-2009-3881 CVE-2009-3884 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22412 | |||
Oval ID: | oval:org.mitre.oval:def:22412 | ||
Title: | ELSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical) | ||
Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1186-01 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22972 | |||
Oval ID: | oval:org.mitre.oval:def:22972 | ||
Title: | ELSA-2009:1643: java-1.4.2-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1643-01 CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 | Version: | 45 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25180 | |||
Oval ID: | oval:org.mitre.oval:def:25180 | ||
Title: | Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates | ||
Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2409 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28253 | |||
Oval ID: | oval:org.mitre.oval:def:28253 | ||
Title: | DEPRECATED: ELSA-2010-0054 -- openssl security update (moderate) | ||
Description: | [0.9.8e-12.1] - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data() is called prematurely by application (#546707) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0054 CVE-2009-4355 CVE-2009-2409 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28898 | |||
Oval ID: | oval:org.mitre.oval:def:28898 | ||
Title: | RHSA-2009:1584 -- java-1.6.0-openjdk security update (Important) | ||
Description: | Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1584 CESA-2009:1584-CentOS 5 CVE-2009-2409 CVE-2009-3728 CVE-2009-3869 CVE-2009-3871 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3881 CVE-2009-3882 CVE-2009-3883 CVE-2009-3884 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29071 | |||
Oval ID: | oval:org.mitre.oval:def:29071 | ||
Title: | USN-810-3 -- NSS regression | ||
Description: | USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-810-3 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
Platform(s): | Ubuntu 9.04 Ubuntu 8.10 Ubuntu 8.04 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29169 | |||
Oval ID: | oval:org.mitre.oval:def:29169 | ||
Title: | RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update (Critical) | ||
Description: | Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1186 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | nspr nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6631 | |||
Oval ID: | oval:org.mitre.oval:def:6631 | ||
Title: | Network Security Services Library Supports Certificates With Weak MD2 Hash Signatures | ||
Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2409 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6657 | |||
Oval ID: | oval:org.mitre.oval:def:6657 | ||
Title: | OpenJDK ICC_Profile File Existence Detection Information Leak | ||
Description: | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3728 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6805 | |||
Oval ID: | oval:org.mitre.oval:def:6805 | ||
Title: | OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted DER Encoded Data | ||
Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3876 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6906 | |||
Oval ID: | oval:org.mitre.oval:def:6906 | ||
Title: | OpenJDK Resurrected Classloaders Can Still Have Children | ||
Description: | Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3881 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6960 | |||
Oval ID: | oval:org.mitre.oval:def:6960 | ||
Title: | OpenJDK Zoneinfo File Existence Information Leak | ||
Description: | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3884 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6968 | |||
Oval ID: | oval:org.mitre.oval:def:6968 | ||
Title: | OpenJDK Information Leaks in Mutable Variables | ||
Description: | Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3883 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6970 | |||
Oval ID: | oval:org.mitre.oval:def:6970 | ||
Title: | OpenJDK JPEG Image Writer quantization problem | ||
Description: | The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3873 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7148 | |||
Oval ID: | oval:org.mitre.oval:def:7148 | ||
Title: | OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted HTTP Headers | ||
Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3877 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7155 | |||
Oval ID: | oval:org.mitre.oval:def:7155 | ||
Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2409 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7300 | |||
Oval ID: | oval:org.mitre.oval:def:7300 | ||
Title: | OpenJDK Information Leaks in Mutable Variables | ||
Description: | Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3882 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7316 | |||
Oval ID: | oval:org.mitre.oval:def:7316 | ||
Title: | OpenJDK UI Logging Information Leakage | ||
Description: | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3880 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7545 | |||
Oval ID: | oval:org.mitre.oval:def:7545 | ||
Title: | OpenJDK GraphicsConfiguration Information Leak | ||
Description: | Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3879 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8111 | |||
Oval ID: | oval:org.mitre.oval:def:8111 | ||
Title: | DSA-1874 nss -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. The old stable distribution (etch) doesn't contain nss. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1874 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8594 | |||
Oval ID: | oval:org.mitre.oval:def:8594 | ||
Title: | VMware Network Security Services (NSS) certificate spoofing vulnerability by using MD2 design flaw | ||
Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2409 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8841 | |||
Oval ID: | oval:org.mitre.oval:def:8841 | ||
Title: | Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | ||
Description: | Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3882 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9568 | |||
Oval ID: | oval:org.mitre.oval:def:9568 | ||
Title: | Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. | ||
Description: | Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3879 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9602 | |||
Oval ID: | oval:org.mitre.oval:def:9602 | ||
Title: | The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | ||
Description: | The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3873 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2010:0054 centos5 i386 File : nvt/gb_CESA-2010_0054_openssl_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2009:1584 centos5 i386 File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386 File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386 File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl |
2010-05-28 | Name : Java for Mac OS X 10.6 Update 1 File : nvt/macosx_java_for_10_6_upd_1.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 6 File : nvt/macosx_java_for_10_5_upd_6.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-04-30 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl |
2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0166-01 File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl |
2010-03-02 | Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl |
2010-02-15 | Name : HP-UX Update for Java HPSBUX02503 File : nvt/gb_hp_ux_HPSBUX02503.nasl |
2010-01-20 | Name : RedHat Update for openssl RHSA-2010:0054-01 File : nvt/gb_RHSA-2010_0054-01_openssl.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1694 File : nvt/RHSA_2009_1694.nasl |
2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1647 File : nvt/RHSA_2009_1647.nasl |
2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1643 File : nvt/RHSA_2009_1643.nasl |
2009-12-14 | Name : Gentoo Security Advisory GLSA 200912-01 (openssl) File : nvt/glsa_200912_01.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:197-3 (nss) File : nvt/mdksa_2009_197_3.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:310 (openssl) File : nvt/mdksa_2009_310.nasl |
2009-11-23 | Name : SuSE Security Advisory SUSE-SA:2009:058 (java-1_6_0-sun) File : nvt/suse_sa_2009_058.nasl |
2009-11-23 | Name : Sun Java SE Multiple Vulnerabilities - Nov09 (Win) File : nvt/secpod_sun_java_se_mult_vuln_nov09_win.nasl |
2009-11-23 | Name : Debian Security Advisory DSA 1935-1 (gnutls13 gnutls26) File : nvt/deb_1935_1.nasl |
2009-11-23 | Name : CentOS Security Advisory CESA-2009:1584 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1584.nasl |
2009-11-23 | Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_200911_02.nasl |
2009-11-17 | Name : Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk) File : nvt/fcore_2009_11489.nasl |
2009-11-17 | Name : Fedora Core 10 FEDORA-2009-11490 (java-1.6.0-openjdk) File : nvt/fcore_2009_11490.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1571 File : nvt/RHSA_2009_1571.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1584 File : nvt/RHSA_2009_1584.nasl |
2009-11-17 | Name : Fedora Core 11 FEDORA-2009-11486 (java-1.6.0-openjdk) File : nvt/fcore_2009_11486.nasl |
2009-11-13 | Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux) File : nvt/gb_sun_java_jre_mult_vuln_nov09_lin.nasl |
2009-11-13 | Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Win) File : nvt/gb_sun_java_jre_mult_vuln_nov09_win.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1560 File : nvt/RHSA_2009_1560.nasl |
2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:258 (openssl) File : nvt/mdksa_2009_258.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:238 (openssl) File : nvt/mdksa_2009_238.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:237 (openssl) File : nvt/mdksa_2009_237.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:239 (openssl) File : nvt/mdksa_2009_239.nasl |
2009-09-21 | Name : Debian Security Advisory DSA 1888-1 (openssl, openssl097) File : nvt/deb_1888_1.nasl |
2009-09-15 | Name : CentOS Security Advisory CESA-2009:1432 (seamonkey) File : nvt/ovcesa2009_1432.nasl |
2009-09-15 | Name : Ubuntu USN-830-1 (openssl) File : nvt/ubuntu_830_1.nasl |
2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:197-2 (nss) File : nvt/mdksa_2009_197_2.nasl |
2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1432 File : nvt/RHSA_2009_1432.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird) File : nvt/mdksa_2009_216.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1874-1 (nss) File : nvt/deb_1874_1.nasl |
2009-09-02 | Name : Ubuntu USN-809-1 (gnutls26) File : nvt/ubuntu_809_1.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:197 (nss) File : nvt/mdksa_2009_197.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1207 File : nvt/RHSA_2009_1207.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1190 File : nvt/RHSA_2009_1190.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1186 File : nvt/RHSA_2009_1186.nasl |
2009-08-17 | Name : Ubuntu USN-810-1 (nss) File : nvt/ubuntu_810_1.nasl |
2009-08-17 | Name : Ubuntu USN-810-2 (fixed) File : nvt/ubuntu_810_2.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1184 File : nvt/RHSA_2009_1184.nasl |
2009-08-05 | Name : OpenSSL/GnuTLS SSL Server Spoofing Vulnerability (Win) File : nvt/gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl |
2009-08-05 | Name : Firefox SSL Server Spoofing Vulnerability (Win) File : nvt/gb_firefox_ssl_spoof_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59922 | Sun Java SE X11 / Win32GraphicsDevice Subsystems getConfigurations Function C... |
59921 | Sun Java SE JRE Abstract Window Toolkit (AWT) Logger Object Restriction Infor... |
59920 | Sun Java SE TimeZone.getTimeZone Method tz File Handling Local File Enumeration |
59918 | Sun Java SE JRE ICC_Profile.getInstance Method Traversal Arbitrary ICC Profil... |
59917 | Sun Java SE Resurrected ClassLoader Children Handling Unspecified Remote Priv... |
59916 | Sun Java SE Swing Implementation Mutable Variable Leak Unspecified Issues |
59915 | Sun Java SE Swing Implementation Windows Pluggable Look and Feel (PL&F) M... |
59714 | Sun Java JDK / JRE JPEG Image Writer Unspecified Overflow (6862968) |
59706 | Sun Java JDK / JRE HTTP Header Parsing Unspecified Memory Exhaustion DoS |
59705 | Sun Java JDK / JRE DER Encoded Data Decoding Unspecified Memory Exhaustion DoS |
56752 | Network Security Services (NSS) Library X.509 Certificate MD2 Hash Collision ... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle Java runtime JPEGImageReader overflow attempt RuleID : 20055 - Revision : 11 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15663.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-810-3.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_269868_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1207.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1190.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100119_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091109_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8l.nasl - Type : ACT_GATHER_INFO |
2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO |
2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-239.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0338.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1935.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1888.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1874.nasl - Type : ACT_GATHER_INFO |
2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
2010-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO |
2010-01-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12564.nasl - Type : ACT_GATHER_INFO |
2009-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1647.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1643.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-310.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update1.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update6.nasl - Type : ACT_GATHER_INFO |
2009-12-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-091127.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO |
2009-11-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
2009-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-859-1.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11486.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11489.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11490.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1571.nasl - Type : ACT_GATHER_INFO |
2009-11-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1560.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_269868.nasl - Type : ACT_GATHER_INFO |
2009-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-258.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-238.nasl - Type : ACT_GATHER_INFO |
2009-09-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-830-1.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-809-1.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-197.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-2.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-1.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1186.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:02 |
|