CVE-2011-3544
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Vulnerable Configurations
Exploit-Db
description | Java Applet Rhino Script Engine Remote Code Execution. CVE-2011-3544. Remote exploits for multiple platform |
id | EDB-ID:18171 |
last seen | 2016-02-02 |
modified | 2011-11-30 |
published | 2011-11-30 |
reporter | metasploit |
source | https://www.exploit-db.com/download/18171/ |
title | Java Applet Rhino Script Engine Remote Code Execution |
Metasploit
description | This module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc) |
id | MSF:EXPLOIT/MULTI/BROWSER/JAVA_RHINO |
last seen | 2020-06-10 |
modified | 2017-07-24 |
published | 2011-11-30 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_rhino.rb |
title | Java Applet Rhino Script Engine Remote Code Execution |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2358.NASL |
description | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
- CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
- CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
- CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
- CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
- CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine.
- CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
- CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
- CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode.
- CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
- CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3552 Malicious Java code can use up an excessive amount of UDP ports, leading to a denial of service.
- CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
- CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.
- CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitrary code.
- CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.
- CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions. |
last seen | 2020-03-17 |
modified | 2012-01-12 |
plugin id | 57499 |
published | 2012-01-12 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/57499 |
title | Debian DSA-2358-1 : openjdk-6 - several vulnerabilities (BEAST) |
code |
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2358. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Plugin metadata: only evaluated when the scanner loads the plugin description.
if (description)
{
  script_id(57499);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3560");
  script_bugtraq_id(48137, 48139, 48140, 48142, 48144, 48146, 48147, 49778, 50211, 50215, 50216, 50218, 50224, 50231, 50234, 50236, 50243, 50246, 50248);
  script_xref(name:"DSA", value:"2358");

  script_name(english:"Debian DSA-2358-1 : openjdk-6 - several vulnerabilities (BEAST)");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
- CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
- CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
- CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
- CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
- CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine.
- CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
- CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
- CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode.
- CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
- CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3552 Malicious Java code can use up an excessive amount of UDP ports, leading to a denial of service.
- CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
- CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.
- CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitrary code.
- CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.
- CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions."
  );
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0862");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0864");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0865");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0867");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0868");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0869");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0871");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3389");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3521");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3544");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3547");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3548");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3551");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3552");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3553");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3554");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3556");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3557");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3560");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2011/dsa-2358");
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the openjdk-6 packages. For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/12");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Bail out unless local checks are enabled and a Debian package list was collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Flag the host if an installed openjdk-6 package on Debian 5.0 is older than the fixed version.
flag = 0;
if (deb_check(release:"5.0", prefix:"openjdk-6", reference:"6b18-1.8.10-0~lenny2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_11_4_JAVA-1_6_0-SUN-111024.NASL description Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75874 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75874 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-170.NASL description Security issues were identified and fixed in openjdk (icedtea6) and icedtea-web : IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-3547). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT (CVE-2011-3548). IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551). IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552). IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting (CVE-2011-3544). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization (CVE-2011-3521). 
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors (CVE-2011-3554). A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection (CVE-2011-3389). Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag -Djsse.enableCBCProtection=false to the java command. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot (CVE-2011-3558). IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3556). IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3557). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE (CVE-2011-3560). Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea project Web browser plugin. A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet last seen 2020-06-01 modified 2020-06-02 plugin id 56809 published 2011-11-14 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/56809 title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1380.NASL description From Red Hat Security Advisory 2011:1380 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. 
An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag last seen 2020-06-01 modified 2020-06-02 plugin id 68373 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68373 title Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-1380) (BEAST) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2356.NASL description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform : - CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. 
- CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. - CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges. - CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. - CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. - CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. - CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. - CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. - CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions. last seen 2020-03-17 modified 2011-12-02 plugin id 56987 published 2011-12-02 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/56987 title Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST) NASL family Fedora Local Security Checks NASL id FEDORA_2011-15020.NASL description Update to latest upstream bugfix release - Security fixes - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection - Bug fixes - RH727195: Japanese font mappings are broken - Backports - S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog - Zero/Shark - PR690: Shark fails to JIT using hs20. - PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20. - Added Patch6 as (probably temporally) solution for S7103224 for buildability on newest glibc libraries. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-06-01 modified 2020-06-02 plugin id 56719 published 2011-11-07 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56719 title Fedora 16 : java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 (2011-15020) (BEAST) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1263-1.NASL description Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389) It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521) It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544) It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547) It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548) It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. 
(CVE-2011-3551) It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552) It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553) It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554) It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557) It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558) It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56860 published 2011-11-17 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/56860 title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST) NASL family Misc. NASL id ORACLE_JAVA_CPU_OCT_2011_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34. As such, it is potentially affected by security issues in the following components : - 2D - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - JAXWS - JSSE - Networking - RMI - Scripting - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 64846 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64846 title Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1380.NASL description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. 
An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. 
This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag last seen 2020-06-01 modified 2020-06-02 plugin id 56553 published 2011-10-19 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56553 title RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:1380) (BEAST) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0034.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-04-16 modified 2012-01-19 plugin id 57595 published 2012-01-19 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57595 title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0034) (BEAST) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201111-02.NASL description The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. 
Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56724 published 2011-11-07 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56724 title GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_3_JAVA-1_6_0-SUN-111024.NASL description Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75543 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75543 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-IBM-7926.NASL description IBM Java 1.6.0 SR10 has been released fixing the following CVE last seen 2020-06-05 modified 2012-01-24 plugin id 57658 published 2012-01-24 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57658 title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7926) (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_6_UPDATE6.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 6, which updates the Java version to 1.6.0_29.
It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox. last seen 2019-10-28 modified 2011-11-09 plugin id 56748 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56748 title Mac OS X : Java for Mac OS X 10.6 Update 6 (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-120223.NASL description IBM Java 1.6.0 SR10 has been released fixing the following CVE last seen 2020-06-05 modified 2012-02-29 plugin id 58164 published 2012-02-29 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58164 title SuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 5872) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2011-10.NASL description A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. 
An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag last seen 2020-06-01 modified 2020-06-02 plugin id 69569 published 2013-09-04 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/69569 title Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2011-10) (BEAST) NASL family Scientific Linux Local Security Checks NASL id SL_20111018_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL description These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. 
(CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag last seen 2020-06-01 modified 2020-06-02 plugin id 61156 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61156 title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_3_JAVA-1_6_0-OPENJDK-111025.NASL description Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75539 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/75539 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1263-2.NASL description USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm (CVE-2011-3389) introduced a regression that caused TLS/SSL connections to fail when using certain algorithms. This update fixes the problem. We apologize for the inconvenience. Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389) It was discovered that a type confusion flaw existed in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521) It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544) It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547) It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code.
(CVE-2011-3548) It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this to cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551) It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet to exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552) It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553) It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554) It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557) It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558) It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01 modified 2020-06-02 plugin id 57685 published 2012-01-25 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57685 title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6, openjdk-6b18 regression (USN-1263-2) (BEAST) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1384.NASL description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 56560 published 2011-10-20 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/56560 title RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:1384) (BEAST) NASL family Misc. NASL id VMWARE_VMSA-2012-0005_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Tomcat - bzip2 library - JRE - WDDM display driver - XPDM display driver last seen 2020-06-01 modified 2020-06-02 plugin id 89106 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89106 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check) NASL family SuSE Local Security Checks NASL id SUSE_11_4_JAVA-1_6_0-OPENJDK-111025.NASL description Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75870 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75870 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_7_UPDATE1.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.7 that is missing Update 1, which updates the Java version to 1.6.0_29. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
last seen 2019-10-28 modified 2011-11-09 plugin id 56749 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56749 title Mac OS X : Java for Mac OS X 10.7 Update 1 (BEAST) NASL family Windows NASL id ORACLE_JAVA_CPU_OCT_2011.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34 and is potentially affected by security issues in the following components : - 2D - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - JAXWS - JSSE - Networking - RMI - Scripting - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 56566 published 2011-10-20 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56566 title Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-1380.NASL description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. 
(CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. 
This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag last seen 2020-06-01 modified 2020-06-02 plugin id 56558 published 2011-10-20 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56558 title CentOS 5 : java-1.6.0-openjdk (CESA-2011:1380) (BEAST) NASL family Fedora Local Security Checks NASL id FEDORA_2011-15555.NASL description This update brings OpenJDK7 u1 to Fedora. The following issues have been addressed : - Updated to IcedTea 2.0 tag in the IcedTea OpenJDK7 forest - Added system timezone support - Revamped version/release naming scheme to make it proper - Security fixes - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56800 published 2011-11-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56800 title Fedora 16 : java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16 (2011-15555) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-32.NASL description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76303 published 2014-06-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76303 title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0003.NASL description a. VirtualCenter and ESX, Oracle (Sun) JRE update 1.5.0_32 Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_32 in the Oracle Java SE Critical Patch Update Advisory of October 2011. last seen 2020-06-01 modified 2020-06-02 plugin id 58302 published 2012-03-09 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/58302 title VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1467.NASL description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823, CVE-2012-5067, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR3 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 62932 published 2012-11-16 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/62932 title RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1455.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, 
CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 78975 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/78975 title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT) NASL family Scientific Linux Local Security Checks NASL id SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL description The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 61158 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61158 title Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)
Oval
accepted | 2014-08-18T04:00:48.697-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. |
family | windows |
id | oval:org.mitre.oval:def:13947 |
status | accepted |
submitted | 2011-11-25T18:04:51.000-05:00 |
title | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. |
version | 8 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/107407/java_rhino.rb.txt |
id | PACKETSTORM:107407 |
last seen | 2016-12-05 |
published | 2011-11-30 |
reporter | sinn3r |
source | https://packetstormsecurity.com/files/107407/Java-Applet-Rhino-Script-Engine-Remote-Code-Execution.html |
title | Java Applet Rhino Script Engine Remote Code Execution |
Redhat
advisories |
rpms |
Saint
bid | 50218 |
description | Oracle Java Rhino Script Engine Code Execution |
id | web_client_jre |
osvdb | 76500 |
title | oracle_java_rhino_script_exec |
type | client |
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 50218 CVE ID: CVE-2011-3544 Sun Java Runtime Environment is a solution that provides a reliable runtime environment for Java applications. Java has a flaw in how it handles Rhino JavaScript errors: the built-in JavaScript engine in Java does not sufficiently filter JavaScript error objects, with the result that untrusted code runs in a privileged context. Vendor solution: Users can refer to the following vendor security advisory for patch information: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html |
id | SSV:24273 |
last seen | 2017-11-19 |
modified | 2011-12-01 |
published | 2011-12-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-24273 |
title | Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability |
bulletinFamily | exploit |
description | CVE ID: CVE-2011-3389,CVE-2011-3516,CVE-2011-3521,CVE-2011-3544,CVE-2011-3545,CVE-2011-3546,CVE-2011-3547,CVE-2011-3548,CVE-2011-3549,CVE-2011-3550,CVE-2011-3551,CVE-2011-3552,CVE-2011-3553,CVE-2011-3554,CVE-2011-3556,CVE-2011-3557,CVE-2011-3560,CVE-2011-3561,CVE-2011-3563,CVE-2011-5035,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0502,CVE-2012-0503,CVE-2012-0505,CVE-2012-0506,CVE-2012-0507,CVE-2012-0732,CVE-2012-2159,CVE-2012-2161 IBM Rational AppScan is application security software that can scan and test for all common web application vulnerabilities at every stage of development. Versions of IBM Rational AppScan before 8.6 contain multiple implementation vulnerabilities that malicious users can exploit to disclose sensitive information, conduct spoofing and XSS attacks, hijack user sessions, poison DNS caches, manipulate certain data, cause denial of service, and take control of affected systems. IBM Rational AppScan 8.x, IBM Rational AppScan 7.x. Vendor patch (IBM): The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.ers.ibm.com/ |
id | SSV:60220 |
last seen | 2017-11-19 |
modified | 2012-06-16 |
published | 2012-06-16 |
reporter | Root |
title | IBM Rational AppScan 8.x/7.x Multiple Security Vulnerabilities |
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:72368 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-72368 |
title | Java Applet Rhino Script Engine Remote Code Execution |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
- http://marc.info/?l=bugtraq&m=132750579901589&w=2
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://marc.info/?l=bugtraq&m=134254957702612&w=2
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://secunia.com/advisories/48308
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.ibm.com/developerworks/java/jdk/alerts/
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- http://www.redhat.com/support/errata/RHSA-2011-1384.html
- http://www.securityfocus.com/bid/50218
- http://www.securitytracker.com/id?1026215
- http://www.ubuntu.com/usn/USN-1263-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947