Executive Summary
| Summary | |
|---|---|
| Title | java-1.6.0-sun security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2011:0282 | First vendor Publication | 2011-02-17 |
| Vendor | RedHat | Last vendor Modification | 2011-02-17 |
| Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the "Oracle Java SE and Java for Business Critical Patch Update Advisory" page, listed in the References section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 675942 - CVE-2010-4472 OpenJDK untrusted code allowed to replace DSIG/C14N implementation (6994263) 675958 - CVE-2010-4469 OpenJDK Hotspot verifier heap corruption (6878713) 675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662) 676005 - CVE-2010-4470 OpenJDK JAXP untrusted component state manipulation (6927050) 676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453) 676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922) 676026 - CVE-2010-4450 OpenJDK Launcher incorrect processing of empty library path entries (6983554) 677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component 677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component 677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component 677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component 677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component 677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component 677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component 677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component 677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component 677969 - CVE-2010-4451 JDK unspecified vulnerability in Install component 677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component 677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2011-0282.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12879 | |||
| Oval ID: | oval:org.mitre.oval:def:12879 | ||
| Title: | DSA-2161-1 openjdk-6 -- denial of service | ||
| Description: | It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2161-1 CVE-2010-4476 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13546 | |||
| Oval ID: | oval:org.mitre.oval:def:13546 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4454 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13552 | |||
| Oval ID: | oval:org.mitre.oval:def:13552 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4468 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13639 | |||
| Oval ID: | oval:org.mitre.oval:def:13639 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4469 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13777 | |||
| Oval ID: | oval:org.mitre.oval:def:13777 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4463 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13942 | |||
| Oval ID: | oval:org.mitre.oval:def:13942 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4451 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14034 | |||
| Oval ID: | oval:org.mitre.oval:def:14034 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4465 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14039 | |||
| Oval ID: | oval:org.mitre.oval:def:14039 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4462 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14045 | |||
| Oval ID: | oval:org.mitre.oval:def:14045 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4448 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14076 | |||
| Oval ID: | oval:org.mitre.oval:def:14076 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4470 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14118 | |||
| Oval ID: | oval:org.mitre.oval:def:14118 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4472 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14119 | |||
| Oval ID: | oval:org.mitre.oval:def:14119 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4473 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14135 | |||
| Oval ID: | oval:org.mitre.oval:def:14135 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4450 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14230 | |||
| Oval ID: | oval:org.mitre.oval:def:14230 | ||
| Title: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4452 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14233 | |||
| Oval ID: | oval:org.mitre.oval:def:14233 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4475 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14271 | |||
| Oval ID: | oval:org.mitre.oval:def:14271 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4466 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14290 | |||
| Oval ID: | oval:org.mitre.oval:def:14290 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4422 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14328 | |||
| Oval ID: | oval:org.mitre.oval:def:14328 | ||
| Title: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14384 | |||
| Oval ID: | oval:org.mitre.oval:def:14384 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4467 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14403 | |||
| Oval ID: | oval:org.mitre.oval:def:14403 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4447 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14417 | |||
| Oval ID: | oval:org.mitre.oval:def:14417 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4471 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14589 | |||
| Oval ID: | oval:org.mitre.oval:def:14589 | ||
| Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19493 | |||
| Oval ID: | oval:org.mitre.oval:def:19493 | ||
| Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19678 | |||
| Oval ID: | oval:org.mitre.oval:def:19678 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4454 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19749 | |||
| Oval ID: | oval:org.mitre.oval:def:19749 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4463 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19776 | |||
| Oval ID: | oval:org.mitre.oval:def:19776 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4450 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19857 | |||
| Oval ID: | oval:org.mitre.oval:def:19857 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4448 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19972 | |||
| Oval ID: | oval:org.mitre.oval:def:19972 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4451 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19986 | |||
| Oval ID: | oval:org.mitre.oval:def:19986 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4470 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20014 | |||
| Oval ID: | oval:org.mitre.oval:def:20014 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4447 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20243 | |||
| Oval ID: | oval:org.mitre.oval:def:20243 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4471 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20365 | |||
| Oval ID: | oval:org.mitre.oval:def:20365 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4468 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20383 | |||
| Oval ID: | oval:org.mitre.oval:def:20383 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4422 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20466 | |||
| Oval ID: | oval:org.mitre.oval:def:20466 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4475 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20513 | |||
| Oval ID: | oval:org.mitre.oval:def:20513 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4466 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20543 | |||
| Oval ID: | oval:org.mitre.oval:def:20543 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4469 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20565 | |||
| Oval ID: | oval:org.mitre.oval:def:20565 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4472 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20580 | |||
| Oval ID: | oval:org.mitre.oval:def:20580 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4465 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20596 | |||
| Oval ID: | oval:org.mitre.oval:def:20596 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4467 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20622 | |||
| Oval ID: | oval:org.mitre.oval:def:20622 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4473 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20639 | |||
| Oval ID: | oval:org.mitre.oval:def:20639 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4452 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20649 | |||
| Oval ID: | oval:org.mitre.oval:def:20649 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20670 | |||
| Oval ID: | oval:org.mitre.oval:def:20670 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4462 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21420 | |||
| Oval ID: | oval:org.mitre.oval:def:21420 | ||
| Title: | RHSA-2011:0336: tomcat5 security update (Important) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0336-01 CESA-2011:0336 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21713 | |||
| Oval ID: | oval:org.mitre.oval:def:21713 | ||
| Title: | RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0214-01 CVE-2010-4476 CESA-2011:0214-CentOS 5 | Version: | 6 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21907 | |||
| Oval ID: | oval:org.mitre.oval:def:21907 | ||
| Title: | RHSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0292-01 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21931 | |||
| Oval ID: | oval:org.mitre.oval:def:21931 | ||
| Title: | RHSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 CESA-2011:0281-CentOS 5 | Version: | 83 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22826 | |||
| Oval ID: | oval:org.mitre.oval:def:22826 | ||
| Title: | ELSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0292-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22845 | |||
| Oval ID: | oval:org.mitre.oval:def:22845 | ||
| Title: | ELSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 | Version: | 29 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22977 | |||
| Oval ID: | oval:org.mitre.oval:def:22977 | ||
| Title: | ELSA-2011:0336: tomcat5 security update (Important) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0336-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23111 | |||
| Oval ID: | oval:org.mitre.oval:def:23111 | ||
| Title: | ELSA-2011:0490: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0490-01 CVE-2010-4447 CVE-2010-4448 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4473 CVE-2010-4475 | Version: | 30 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23319 | |||
| Oval ID: | oval:org.mitre.oval:def:23319 | ||
| Title: | ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0214-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28054 | |||
| Oval ID: | oval:org.mitre.oval:def:28054 | ||
| Title: | DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate) | ||
| Description: | [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0214 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Oracle Java Applet2ClassLoader Vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-03-16 | Sun Java Applet2ClassLoader Remote Code Execution Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0214 centos5 x86_64 File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0281 centos5 x86_64 File : nvt/gb_CESA-2011_0281_java_centos5_x86_64.nasl |
| 2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0335-01 File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl |
| 2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
| 2011-08-29 | Name : Java for Mac OS X 10.5 Update 9 File : nvt/secpod_macosx_java_10_5_upd_9.nasl |
| 2011-08-29 | Name : Java for Mac OS X 10.6 Update 4 File : nvt/secpod_macosx_java_10_6_upd_4.nasl |
| 2011-08-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523 File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0281 centos5 i386 File : nvt/gb_CESA-2011_0281_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0214 centos5 i386 File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003 File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020 File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl |
| 2011-06-06 | Name : HP-UX Update for Java HPSBUX02685 File : nvt/gb_hp_ux_HPSBUX02685.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2224-1 (openjdk-6) File : nvt/deb_2224_1.nasl |
| 2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
| 2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
| 2011-03-15 | Name : RedHat Update for tomcat5 RHSA-2011:0336-01 File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl |
| 2011-03-07 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 File : nvt/gb_ubuntu_USN_1079_1.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-1 (openjdk-6) File : nvt/deb_2161_1.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerability (Windows) File : nvt/secpod_oracle_java_code_exec_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerability (Windows-01) File : nvt/secpod_oracle_java_code_exec_vuln_win01.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_code_exec_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl |
| 2011-02-28 | Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010 File : nvt/gb_suse_2011_010.nasl |
| 2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645 File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl |
| 2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631 File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl |
| 2011-02-18 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01 File : nvt/gb_RHSA-2011_0281-01_java-1.6.0-openjdk.nasl |
| 2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263 File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl |
| 2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231 File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl |
| 2011-02-11 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01 File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 71622 | Oracle Java SE / Java for Business XML Digital Signature Unspecified Remote DoS |
| 71621 | Oracle Java SE / Java for Business Networking Unspecified Remote DoS |
| 71620 | Oracle Java SE / Java for Business Launcher Unspecified Local Issue |
| 71619 | Oracle Java SE / Java for Business JDBC Unspecified Remote Issue |
| 71618 | Oracle Java SE / Java for Business Deployment Unspecified Remote Information ... |
| 71617 | Oracle Java SE / Java for Business Deployment Unspecified Remote Information ... |
| 71616 | Oracle Java SE / Java for Business 2D Unspecified Remote Information Disclosure |
| 71615 | Oracle Java SE / Java for Business JAXP Unspecified Remote DoS |
| 71614 | Oracle Java SE / Java for Business Deployment Java Runtime WWW-Authenticate R... |
| 71613 | Oracle Java SE / Java for Business Install Unspecified Remote Compromise |
| 71612 | Oracle Java SE / Java for Business Deployment Unspecified Remote Compromise (... |
| 71611 | Oracle Java SE / Java for Business Sound Unspecified Remote Compromise (2010-... |
| 71610 | Oracle Java SE / Java for Business Hotspot Unspecified Remote Compromise |
| 71609 | Oracle Java SE / Java for Business Deployment Unspecified Remote Compromise (... |
| 71608 | Oracle Java SE / Java for Business Swing Clipboard Handle Arbitrary Command I... |
| 71607 | Oracle Java SE / Java for Business Deployment Java Webstart JNLP Extension Pe... |
| 71606 | Oracle Java SE / Java for Business Sound Component XGetSamplePtrFromSnd PV_Sw... |
| 71605 | Oracle Java SE / Java for Business Sound Unspecified Remote Compromise (2010-... |
| 71193 | Oracle Java SE / Java for Business sun.plugin2.applet.Applet2ClassLoader fin... Oracle Java contains a flaw related to the findClass method of the sun.plugin2.applet.Applet2ClassLoader class failing to properly validate URLS supplied by a trusted applet. This may allow a context-dependent attacker to use a crafted file or page to execute arbitrary code. |
| 70965 | Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ... Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2011-12-15 | IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0 Severity : Category I - VMSKEY : V0030824 |
| 2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Oracle Java XGetSamplePtrFromSnd memory corruption attempt RuleID : 24511 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java XGetSamplePtrFromSnd memory corruption attempt RuleID : 24510 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Applet2ClassLoader Remote Code Execution RuleID : 18679 - Revision : 10 - Type : SERVER-OTHER |
| 2014-01-10 | Java floating point number denial of service - via POST RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP |
| 2014-01-10 | Java floating point number denial of service - via URI RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_9fp11.nasl - Type : ACT_GATHER_INFO |
| 2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO |
| 2011-11-23 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_97fp5.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
| 2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12706.nasl - Type : ACT_GATHER_INFO |
| 2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0490.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
| 2011-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2011-04-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12691.nasl - Type : ACT_GATHER_INFO |
| 2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO |
| 2011-03-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO |
| 2011-03-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0364.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0357.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12683.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12682.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
| 2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO |
| 2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1645.nasl - Type : ACT_GATHER_INFO |
| 2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1631.nasl - Type : ACT_GATHER_INFO |
| 2011-02-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO |
| 2011-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:54:22 |
|
