Vulnerabilities > CVE-2010-3568 - Unspecified vulnerability in SUN JDK and JRE

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sun

nessus

NVD

Published: 2010-10-19

Updated: 2024-11-21

Summary

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN JRE 1.6.0 SUN JRE 1.5.0 SUN JRE 1.4.2_26 SUN JRE 1.4.2_7 SUN JRE - SUN JRE 1.1.7 SUN JRE 1.1.8 SUN JRE 1.2.2 SUN JRE 1.3.0 SUN JRE 1.3.1 SUN JRE 1.3.1_2 SUN JRE 1.3.1_03 SUN JRE 1.3.1_04 SUN JRE 1.3.1_05 SUN JRE 1.3.1_06 SUN JRE 1.3.1_07 SUN JRE 1.3.1_08 SUN JRE 1.3.1_09 SUN JRE 1.3.1_10 SUN JRE 1.3.1_11 SUN JRE 1.3.1_12 SUN JRE 1.3.1_13 SUN JRE 1.3.1_14 SUN JRE 1.3.1_15 SUN JRE 1.3.1_16 SUN JRE 1.3.1_17 SUN JRE 1.3.1_18 SUN JRE 1.3.1_19 SUN JRE 1.3.1_20 SUN JRE 1.3.1_21 SUN JRE 1.3.1_22 SUN JRE 1.3.1_23 SUN JRE 1.3.1_24 SUN JRE 1.3.1_25 SUN JRE 1.3.1_26 SUN JRE 1.3.1_27 SUN JRE 1.3.1_28 SUN JRE 1.4 SUN JRE 1.4.0 SUN JRE 1.4.0_01 SUN JRE 1.4.0_02 SUN JRE 1.4.0_03 SUN JRE 1.4.0_04 SUN JRE 1.4.1 SUN JRE 1.4.1_02 SUN JRE 1.4.1_03 SUN JRE 1.4.1_04 SUN JRE 1.4.1_05 SUN JRE 1.4.1_06 SUN JRE 1.4.1_07 SUN JRE 1.4.2 SUN JRE 1.4.2_01 SUN JRE 1.4.2_1 SUN JRE 1.4.2_02 SUN JRE 1.4.2_2 SUN JRE 1.4.2_03 SUN JRE 1.4.2_3 SUN JRE 1.4.2_04 SUN JRE 1.4.2_4 SUN JRE 1.4.2_05 SUN JRE 1.4.2_5 SUN JRE 1.4.2_06 SUN JRE 1.4.2_6 SUN JRE 1.4.2_07 SUN JRE 1.4.2_08 SUN JRE 1.4.2_8 SUN JRE 1.4.2_09 SUN JRE 1.4.2_9 SUN JRE 1.4.2_10 SUN JRE 1.4.2_11 SUN JRE 1.4.2_12 SUN JRE 1.4.2_13 SUN JRE 1.4.2_14 SUN JRE 1.4.2_15 SUN JRE 1.4.2_16 SUN JRE 1.4.2_17 SUN JRE 1.4.2_18 SUN JRE 1.4.2_19 SUN JRE 1.4.2_20 SUN JRE 1.4.2_21 SUN JRE 1.4.2_22 SUN JRE 1.4.2_23 SUN JRE 1.4.2_24 SUN JRE 1.4.2_25 SUN JRE 1.4.2_27 SUN JDK 1.6.0 SUN JDK 1.5.0 SUN SDK - SUN SDK 1.1.3 SUN SDK 1.1.8_007 SUN SDK 1.2.2_010 SUN SDK 1.2.2_10 SUN SDK 1.2.2_14 SUN SDK 1.3.0 SUN SDK 1.3.0_01 SUN SDK 1.3.0_02 SUN SDK 1.3.0_03 SUN SDK 1.3.0_04 SUN SDK 1.3.0_05 SUN SDK 1.3.1 SUN SDK 1.3.1_01 SUN SDK 1.3.1_01A SUN SDK 1.3.1_02 SUN SDK 1.3.1_03 SUN SDK 1.3.1_04 SUN SDK 1.3.1_05 SUN SDK 1.3.1_06 SUN SDK 1.3.1_07 SUN SDK 1.3.1_08 SUN SDK 1.3.1_09 SUN SDK 1.3.1_10 SUN SDK 1.3.1_11 SUN SDK 1.3.1_12 SUN SDK 1.3.1_13 SUN SDK 1.3.1_14 SUN SDK 1.3.1_15 SUN SDK 1.3.1_16 SUN SDK 1.3.1_17 SUN SDK 1.3.1_18 SUN SDK 1.3.1_19 SUN SDK 1.3.1_20 SUN SDK 1.3.1_21 SUN SDK 1.3.1_22 SUN SDK 1.3.1_23 SUN SDK 1.3.1_24 SUN SDK 1.3.1_25 SUN SDK 1.3.1_26 SUN SDK 1.3.1_27 SUN SDK 1.3.1_28 SUN SDK 1.3_02 SUN SDK 1.3_05 SUN SDK 1.4.0 SUN SDK 1.4.0_01 SUN SDK 1.4.0_02 SUN SDK 1.4.0_03 SUN SDK 1.4.0_04 SUN SDK 1.4.1 SUN SDK 1.4.1_02 SUN SDK 1.4.1_03 SUN SDK 1.4.1_04 SUN SDK 1.4.1_05 SUN SDK 1.4.1_06 SUN SDK 1.4.1_07 SUN SDK 1.4.2 SUN SDK 1.4.2_01 SUN SDK 1.4.2_1 SUN SDK 1.4.2_02 SUN SDK 1.4.2_2 SUN SDK 1.4.2_03 SUN SDK 1.4.2_3 SUN SDK 1.4.2_04 SUN SDK 1.4.2_4 SUN SDK 1.4.2_05 SUN SDK 1.4.2_5 SUN SDK 1.4.2_06 SUN SDK 1.4.2_6 SUN SDK 1.4.2_07 SUN SDK 1.4.2_7 SUN SDK 1.4.2_08 SUN SDK 1.4.2_8 SUN SDK 1.4.2_09 SUN SDK 1.4.2_9 SUN SDK 1.4.2_10 SUN SDK 1.4.2_11 SUN SDK 1.4.2_12 SUN SDK 1.4.2_13 SUN SDK 1.4.2_14 SUN SDK 1.4.2_15 SUN SDK 1.4.2_16 SUN SDK 1.4.2_17 SUN SDK 1.4.2_18 SUN SDK 1.4.2_19 SUN SDK 1.4.2_20 SUN SDK 1.4.2_21 SUN SDK 1.4.2_22 SUN SDK 1.4.2_23 SUN SDK 1.4.2_24 SUN SDK 1.4.2_25 SUN SDK 1.4.2_26 SUN SDK 1.4.2_27	343

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_4_2-IBM-7231.NASL
description	IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	51339
published	2010-12-17
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51339
title	SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7231)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_JAVA-1_6_0-SUN-101019.NASL
description	Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
last seen	2020-06-01
modified	2020-06-02
plugin id	50299
published	2010-10-22
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50299
title	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2011-0013.NASL
description	a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	56665
published	2011-10-28
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/56665
title	VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20101110_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL
description	defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	60892
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60892
title	Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1010-1.NASL
description	Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user
last seen	2020-06-01
modified	2020-06-02
plugin id	50410
published	2010-10-29
reporter	Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50410
title	Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1010-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0786.NASL
description	Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP6 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
last seen	2020-06-01
modified	2020-06-02
plugin id	50078
published	2010-10-21
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50078
title	RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0786)

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_6_0-IBM-7312.NASL
description	IBM Java 6 SR9 was released, fixing a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/
last seen	2020-06-01
modified	2020-06-02
plugin id	51750
published	2011-01-27
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51750
title	SuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12659.NASL
description	This update brings IBM Java 5 to Service Release 12 Fixpack 2. It fixes quite a large number of security problems and other bugs. The security issues are tracked by the following CVE ids : - CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574. (CVE-2009-3555)
last seen	2020-06-01
modified	2020-06-02
plugin id	50854
published	2010-12-01
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50854
title	SuSE9 Security Update : IBM Java 5 JRE and SDK (YOU Patch Number 12659)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0873.NASL
description	Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
last seen	2020-06-01
modified	2020-06-02
plugin id	50641
published	2010-11-18
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50641
title	RHEL 6 : java-1.5.0-ibm (RHSA-2010:0873)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20101013_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
description	defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	60868
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60868
title	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0865.NASL
description	Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	50637
published	2010-11-18
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50637
title	RHEL 6 : java-1.6.0-openjdk (RHSA-2010:0865)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201111-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	56724
published	2011-11-07
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/56724
title	GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)

NASL family	Misc.
NASL id	VMWARE_VMSA-2011-0013_REMOTE.NASL
description	The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	89681
published	2016-03-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89681
title	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2011-0003.NASL
description	a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0.
last seen	2020-06-01
modified	2020-06-02
plugin id	51971
published	2011-02-14
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51971
title	VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_5_0-IBM-7205.NASL
description	This update brings IBM Java 5 to Service Release 12 Fixpack 2. It fixes quite a large number of security problems and other bugs. The security issues are tracked by the following CVE ids: CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3541 / CVE-2010-3548 / CVE-2010-3549 / CVE-2010-3550 / CVE-2010-3551 / CVE-2010-3556 / CVE-2010-3559 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3572 / CVE-2010-3573 / CVE-2010-3574
last seen	2020-06-01
modified	2020-06-02
plugin id	50968
published	2010-12-02
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50968
title	SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 7205)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2010-0768.NASL
description	From Red Hat Security Advisory 2010:0768 : Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	68117
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68117
title	Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0768)

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_OCT_2010.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing
last seen	2020-06-01
modified	2020-06-02
plugin id	49996
published	2010-10-15
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/49996
title	Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-16294.NASL
description	- Thu Oct 7 2010 Jiri Vanek <jvanek at redhat.com> -1:1.6.0-43.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 - Mon Jul 26 2010 Martin Matejovic <mmatejov at redhat.com> -1:1.6.0-42.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 - Mon Jun 14 2010 Martin Matejovic <mmatejov at redhat.com> -1:1.6.0.-41.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? in URL - Added java-1.6.0-openjdk-plugin.patch - Resovles: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 - Fri Jun 11 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-40.b18 - Rebuild - Tue Jun 8 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-39.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added visualvm_122 - Added netbeans-profiler-visualvm_release68_1.tar.gz - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Added java-1.6.0-openjdk-visualvm-update.patch - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Resolved: rhbz#595191 - Resovles: rhbz#596850 - Resolves: rhbz#597134 - Resolves: rhbz#580432 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	50035
published	2010-10-20
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50035
title	Fedora 13 : java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13 (2010-16294)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12658.NASL
description	IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues. Following CVEs are tracked for this update: CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3556 CVE-2010-3557 CVE-2010-3562 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572
last seen	2020-06-01
modified	2020-06-02
plugin id	51338
published	2010-12-17
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51338
title	SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12658)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0880.NASL
description	Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM
last seen	2020-06-01
modified	2020-06-02
plugin id	63983
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63983
title	RHEL 5 : IBM Java Runtime (RHSA-2011:0880)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_6_0-SUN-101019.NASL
description	Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html
last seen	2020-06-01
modified	2020-06-02
plugin id	50919
published	2010-12-02
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/50919
title	SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_6_0-SUN-7204.NASL
description	Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked for this update: CVE-2010-3556 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3567 / CVE-2010-3571 / CVE-2010-3554 / CVE-2010-3563 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3558 / CVE-2010-3552 / CVE-2010-3559 / CVE-2010-3572 / CVE-2010-3553 / CVE-2010-3555 / CVE-2010-3550 / CVE-2010-3570 / CVE-2010-3561 / CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3549 / CVE-2010-3557 / CVE-2010-3541 / CVE-2010-3573 / CVE-2010-3574 / CVE-2010-3548 / CVE-2010-3551 / CVE-2010-3560
last seen	2020-06-01
modified	2020-06-02
plugin id	51751
published	2011-01-27
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51751
title	SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0987.NASL
description	Updated java-1.6.0-ibm packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM
last seen	2020-06-01
modified	2020-06-02
plugin id	51197
published	2010-12-16
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51197
title	RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)

NASL family	Misc.
NASL id	VMWARE_VMSA-2011-0003_REMOTE.NASL
description	The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5
last seen	2020-06-01
modified	2020-06-02
plugin id	89674
published	2016-03-04
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89674
title	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2010-0768.NASL
description	Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	50003
published	2010-10-18
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50003
title	CentOS 5 : java-1.6.0-openjdk (CESA-2010:0768)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-16240.NASL
description	- Thu Oct 7 2010 Jiri Vanek <jvanek at redhat.com> -1:1.6.0-41.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 - Mon Jul 26 2010 Martin Matejovic <mmatejov at redhat.com> -1:1.6.0-40.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 - Mon Jun 14 2010 Martin Matejovic <mmatejov at redhat.com> -1:1.6.0.-39.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? in URL - Added java-1.6.0-openjdk-plugin.patch - Resovles: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 - Tue Apr 20 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-38.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Removed java-1.6.0-openjdk-pulse-audio-libs.patch - Enabled NPPlugin - Tue Mar 30 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-37.b17 - Added java-1.6.0-openjdk-securitypatches-20100323.patch [plus 62 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	50295
published	2010-10-22
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50295
title	Fedora 12 : java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12 (2010-16240)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20101014_JAVA__JDK_1_6_0__ON_SL4_X.NASL
description	This update fixes several vulnerabilities in the Java 6 Software Development Kit. Further information about these flaws can be found on the
last seen	2020-06-01
modified	2020-06-02
plugin id	60869
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60869
title	Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_JAVA-1_6_0-OPENJDK-101103.NASL
description	Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
last seen	2020-06-01
modified	2020-06-02
plugin id	53731
published	2011-05-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53731
title	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_JAVA-1_6_0-SUN-101019.NASL
description	Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
last seen	2020-06-01
modified	2020-06-02
plugin id	50298
published	2010-10-22
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50298
title	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_OCT_2010_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing
last seen	2020-06-01
modified	2020-06-02
plugin id	64843
published	2013-02-22
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64843
title	Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0807.NASL
description	Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
last seen	2020-06-01
modified	2020-06-02
plugin id	50360
published	2010-10-28
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50360
title	RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0807)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_JAVA-1_6_0-OPENJDK-101103.NASL
description	Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
last seen	2020-06-01
modified	2020-06-02
plugin id	53662
published	2011-05-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53662
title	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-16312.NASL
description	- Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation - Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) - Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) - Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) - Bug #642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) - Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) - Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672) - Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) - Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) - Bug #639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060) - Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023) - Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285) - Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) - Bug #639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) - Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	50007
published	2010-10-18
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/50007
title	Fedora 14 : java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (2010-16312)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0768.NASL
description	Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	49974
published	2010-10-14
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/49974
title	RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0768)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_6_0-IBM-101220.NASL
description	IBM Java 6 SR9 was released which fixes a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/
last seen	2020-06-01
modified	2020-06-02
plugin id	51667
published	2011-01-25
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51667
title	SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0770.NASL
description	Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
last seen	2020-06-01
modified	2020-06-02
plugin id	49990
published	2010-10-15
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/49990
title	RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201406-32.NASL
description	The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	76303
published	2014-06-30
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76303
title	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_JAVA-1_6_0-OPENJDK-101103.NASL
description	Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
last seen	2020-06-01
modified	2020-06-02
plugin id	75534
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75534
title	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_JAVA-1_6_0-SUN-101019.NASL
description	Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
last seen	2020-06-01
modified	2020-06-02
plugin id	75540
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75540
title	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_4_2-IBM-101112.NASL
description	IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	51605
published	2011-01-21
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51605
title	SuSE 11.1 Security Update : IBM Java 1.4.2 (SAT Patch Number 3528)

Oval

accepted

2015-06-01T04:00:08.543-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Maria Mikhno
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT

definition_extensions

comment Java Development Kit is installed
oval oval:org.mitre.oval:def:12203
comment Java SE Development Kit 6 is installed
oval oval:org.mitre.oval:def:15831
comment Java Runtime Environment is installed
oval oval:org.mitre.oval:def:11627
comment Java SE Runtime Environment 6 is installed
oval oval:org.mitre.oval:def:16362

description

family

windows

oval:org.mitre.oval:def:12029

status

accepted

submitted

2010-11-19T05:18:13

title

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions

version

accepted

2015-04-20T04:00:18.118-04:00

class

vulnerability

contributors

name Varun Narula
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:12206

status

accepted

submitted

2011-02-02T17:07:54.000-05:00

title

HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.

version

Redhat

advisories

rhsa
id RHSA-2010:0768
rhsa
id RHSA-2010:0770
rhsa
id RHSA-2010:0786
rhsa
id RHSA-2010:0807
rhsa
id RHSA-2010:0865
rhsa
id RHSA-2010:0873
rhsa
id RHSA-2010:0986
rhsa
id RHSA-2010:0987
rhsa
id RHSA-2011:0880

rpms

java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5
java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5
java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5
java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5
java-1.6.0-sun-1:1.6.0.22-1jpp.1.el4
java-1.6.0-sun-1:1.6.0.22-1jpp.1.el5
java-1.6.0-sun-demo-1:1.6.0.22-1jpp.1.el4
java-1.6.0-sun-demo-1:1.6.0.22-1jpp.1.el5
java-1.6.0-sun-devel-1:1.6.0.22-1jpp.1.el4
java-1.6.0-sun-devel-1:1.6.0.22-1jpp.1.el5
java-1.6.0-sun-jdbc-1:1.6.0.22-1jpp.1.el4
java-1.6.0-sun-jdbc-1:1.6.0.22-1jpp.1.el5
java-1.6.0-sun-plugin-1:1.6.0.22-1jpp.1.el4
java-1.6.0-sun-plugin-1:1.6.0.22-1jpp.1.el5
java-1.6.0-sun-src-1:1.6.0.22-1jpp.1.el4
java-1.6.0-sun-src-1:1.6.0.22-1jpp.1.el5
java-1.4.2-ibm-0:1.4.2.13.6-1jpp.2.el4
java-1.4.2-ibm-0:1.4.2.13.6-1jpp.2.el5
java-1.4.2-ibm-0:1.4.2.13.6-1jpp.3.el3
java-1.4.2-ibm-demo-0:1.4.2.13.6-1jpp.2.el4
java-1.4.2-ibm-demo-0:1.4.2.13.6-1jpp.2.el5
java-1.4.2-ibm-demo-0:1.4.2.13.6-1jpp.3.el3
java-1.4.2-ibm-devel-0:1.4.2.13.6-1jpp.2.el4
java-1.4.2-ibm-devel-0:1.4.2.13.6-1jpp.2.el5
java-1.4.2-ibm-devel-0:1.4.2.13.6-1jpp.3.el3
java-1.4.2-ibm-javacomm-0:1.4.2.13.6-1jpp.2.el4
java-1.4.2-ibm-javacomm-0:1.4.2.13.6-1jpp.2.el5
java-1.4.2-ibm-jdbc-0:1.4.2.13.6-1jpp.2.el4
java-1.4.2-ibm-jdbc-0:1.4.2.13.6-1jpp.2.el5
java-1.4.2-ibm-jdbc-0:1.4.2.13.6-1jpp.3.el3
java-1.4.2-ibm-plugin-0:1.4.2.13.6-1jpp.2.el4
java-1.4.2-ibm-plugin-0:1.4.2.13.6-1jpp.2.el5
java-1.4.2-ibm-plugin-0:1.4.2.13.6-1jpp.3.el3
java-1.4.2-ibm-src-0:1.4.2.13.6-1jpp.2.el4
java-1.4.2-ibm-src-0:1.4.2.13.6-1jpp.2.el5
java-1.4.2-ibm-src-0:1.4.2.13.6-1jpp.3.el3
java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el4
java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el5
java-1.5.0-ibm-accessibility-1:1.5.0.12.2-1jpp.1.el5
java-1.5.0-ibm-demo-1:1.5.0.12.2-1jpp.1.el4
java-1.5.0-ibm-demo-1:1.5.0.12.2-1jpp.1.el5
java-1.5.0-ibm-devel-1:1.5.0.12.2-1jpp.1.el4
java-1.5.0-ibm-devel-1:1.5.0.12.2-1jpp.1.el5
java-1.5.0-ibm-javacomm-1:1.5.0.12.2-1jpp.1.el4
java-1.5.0-ibm-javacomm-1:1.5.0.12.2-1jpp.1.el5
java-1.5.0-ibm-jdbc-1:1.5.0.12.2-1jpp.1.el4
java-1.5.0-ibm-jdbc-1:1.5.0.12.2-1jpp.1.el5
java-1.5.0-ibm-plugin-1:1.5.0.12.2-1jpp.1.el4
java-1.5.0-ibm-plugin-1:1.5.0.12.2-1jpp.1.el5
java-1.5.0-ibm-src-1:1.5.0.12.2-1jpp.1.el4
java-1.5.0-ibm-src-1:1.5.0.12.2-1jpp.1.el5
java-1.6.0-openjdk-1:1.6.0.0-1.31.b17.el6_0
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.31.b17.el6_0
java-1.6.0-openjdk-demo-1:1.6.0.0-1.31.b17.el6_0
java-1.6.0-openjdk-devel-1:1.6.0.0-1.31.b17.el6_0
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.31.b17.el6_0
java-1.6.0-openjdk-src-1:1.6.0.0-1.31.b17.el6_0
java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el6
java-1.5.0-ibm-demo-1:1.5.0.12.2-1jpp.1.el6
java-1.5.0-ibm-devel-1:1.5.0.12.2-1jpp.1.el6
java-1.5.0-ibm-javacomm-1:1.5.0.12.2-1jpp.1.el6
java-1.5.0-ibm-src-1:1.5.0.12.2-1jpp.1.el6
java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8
java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5
java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8
java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5
java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8
java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5
java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8
java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5
java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8
java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el4
java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el6
java-1.6.0-ibm-accessibility-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-demo-1:1.6.0.9.0-1jpp.3.el4
java-1.6.0-ibm-demo-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-demo-1:1.6.0.9.0-1jpp.4.el6
java-1.6.0-ibm-devel-1:1.6.0.9.0-1jpp.3.el4
java-1.6.0-ibm-devel-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-devel-1:1.6.0.9.0-1jpp.4.el6
java-1.6.0-ibm-javacomm-1:1.6.0.9.0-1jpp.3.el4
java-1.6.0-ibm-javacomm-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-javacomm-1:1.6.0.9.0-1jpp.4.el6
java-1.6.0-ibm-jdbc-1:1.6.0.9.0-1jpp.3.el4
java-1.6.0-ibm-jdbc-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-jdbc-1:1.6.0.9.0-1jpp.4.el6
java-1.6.0-ibm-plugin-1:1.6.0.9.0-1jpp.3.el4
java-1.6.0-ibm-plugin-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-plugin-1:1.6.0.9.0-1jpp.4.el6
java-1.6.0-ibm-src-1:1.6.0.9.0-1jpp.3.el4
java-1.6.0-ibm-src-1:1.6.0.9.0-1jpp.3.el5
java-1.6.0-ibm-src-1:1.6.0.9.0-1jpp.4.el6
java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References