ID CVE-2010-3557
Summary Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
References
Vulnerable Configurations
  • Sun JRE 1.6.0
    cpe:2.3:a:sun:jre:1.6.0
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 17
    cpe:2.3:a:sun:jre:1.6.0:update_17
  • Sun JRE 1.6.0 Update 18
    cpe:2.3:a:sun:jre:1.6.0:update_18
  • Sun JRE 1.6.0 Update 19
    cpe:2.3:a:sun:jre:1.6.0:update_19
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 20
    cpe:2.3:a:sun:jre:1.6.0:update_20
  • Sun JRE 1.6.0 Update 21
    cpe:2.3:a:sun:jre:1.6.0:update_21
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • Sun JDK 1.6.0
    cpe:2.3:a:sun:jdk:1.6.0
  • Sun JDK 6 Update 1
    cpe:2.3:a:sun:jdk:1.6.0:update1
  • Sun JDK 1.6.0_01-b06
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06
  • Sun JDK 6 Update 2
    cpe:2.3:a:sun:jdk:1.6.0:update2
  • Sun JDK 1.6.0 Update 10
    cpe:2.3:a:sun:jdk:1.6.0:update_10
  • Sun JDK 1.6.0 Update 11
    cpe:2.3:a:sun:jdk:1.6.0:update_11
  • Sun JDK 1.6.0 Update 12
    cpe:2.3:a:sun:jdk:1.6.0:update_12
  • Sun JDK 1.6.0 Update 13
    cpe:2.3:a:sun:jdk:1.6.0:update_13
  • Sun JDK 1.6.0 Update 14
    cpe:2.3:a:sun:jdk:1.6.0:update_14
  • Sun JDK 1.6.0 Update 15
    cpe:2.3:a:sun:jdk:1.6.0:update_15
  • Sun JDK 1.6.0 Update 16
    cpe:2.3:a:sun:jdk:1.6.0:update_16
  • Sun JDK 1.6.0 Update 17
    cpe:2.3:a:sun:jdk:1.6.0:update_17
  • Sun JDK 1.6.0 Update 18
    cpe:2.3:a:sun:jdk:1.6.0:update_18
  • Sun JDK 1.6.0 Update 19
    cpe:2.3:a:sun:jdk:1.6.0:update_19
  • Sun JDK 1.6.0 Update 20
    cpe:2.3:a:sun:jdk:1.6.0:update_20
  • Sun JDK 1.6.0 Update 21
    cpe:2.3:a:sun:jdk:1.6.0:update_21
  • Sun JDK 1.6.0 Update 3
    cpe:2.3:a:sun:jdk:1.6.0:update_3
  • Sun JDK 1.6.0 Update 4
    cpe:2.3:a:sun:jdk:1.6.0:update_4
  • Sun JDK 1.6.0 Update 5
    cpe:2.3:a:sun:jdk:1.6.0:update_5
  • Sun JDK 1.6.0 Update 6
    cpe:2.3:a:sun:jdk:1.6.0:update_6
  • Sun JDK 1.6.0 Update 7
    cpe:2.3:a:sun:jdk:1.6.0:update_7
  • Sun JDK 1.5.0
    cpe:2.3:a:sun:jdk:1.5.0
  • Sun JDK 5.0 Update1
    cpe:2.3:a:sun:jdk:1.5.0:update1
  • Sun JDK 5.0 Update10
    cpe:2.3:a:sun:jdk:1.5.0:update10
  • Sun JDK 5.0 Update11
    cpe:2.3:a:sun:jdk:1.5.0:update11
  • Sun JDK 5.0 Update12
    cpe:2.3:a:sun:jdk:1.5.0:update12
  • Sun JDK 5.0 Update 13
    cpe:2.3:a:sun:jdk:1.5.0:update13
  • Sun JDK 5.0 Update 14
    cpe:2.3:a:sun:jdk:1.5.0:update14
  • Sun JDK 5.0 Update 15
    cpe:2.3:a:sun:jdk:1.5.0:update15
  • Sun JDK 5.0 Update 16
    cpe:2.3:a:sun:jdk:1.5.0:update16
  • Sun JDK 5.0 Update 17
    cpe:2.3:a:sun:jdk:1.5.0:update17
  • Sun JDK 5.0 Update 18
    cpe:2.3:a:sun:jdk:1.5.0:update18
  • Sun JDK 5.0 Update 19
    cpe:2.3:a:sun:jdk:1.5.0:update19
  • Sun JDK 5.0 Update2
    cpe:2.3:a:sun:jdk:1.5.0:update2
  • Sun JDK 5.0 Update 20
    cpe:2.3:a:sun:jdk:1.5.0:update20
  • Sun JDK 5.0 Update 21
    cpe:2.3:a:sun:jdk:1.5.0:update21
  • Sun JDK 5.0 Update 22
    cpe:2.3:a:sun:jdk:1.5.0:update22
  • Sun JDK 5.0 Update 23
    cpe:2.3:a:sun:jdk:1.5.0:update23
  • Sun JDK 5.0 Update 24
    cpe:2.3:a:sun:jdk:1.5.0:update24
  • Sun JDK 5.0 Update 25
    cpe:2.3:a:sun:jdk:1.5.0:update25
  • Sun JDK 5.0 Update3
    cpe:2.3:a:sun:jdk:1.5.0:update3
  • Sun JDK 5.0 Update4
    cpe:2.3:a:sun:jdk:1.5.0:update4
  • Sun JDK 5.0 Update5
    cpe:2.3:a:sun:jdk:1.5.0:update5
  • Sun JDK 1.5.0_6
    cpe:2.3:a:sun:jdk:1.5.0:update6
  • Sun JDK 5.0 Update7
    cpe:2.3:a:sun:jdk:1.5.0:update7
  • Sun JDK 5.0 Update8
    cpe:2.3:a:sun:jdk:1.5.0:update8
  • Sun JDK 5.0 Update9
    cpe:2.3:a:sun:jdk:1.5.0:update9
  • SDK 1.4.2
    cpe:2.3:a:sun:sdk:1.4.2
  • Sun SDK 1.4.2_1
    cpe:2.3:a:sun:sdk:1.4.2_1
  • SDK 1.4.2_02
    cpe:2.3:a:sun:sdk:1.4.2_02
  • Sun SDK 1.4.2_3
    cpe:2.3:a:sun:sdk:1.4.2_3
  • Sun SDK 1.4.2_4
    cpe:2.3:a:sun:sdk:1.4.2_4
  • Sun SDK 1.4.2_5
    cpe:2.3:a:sun:sdk:1.4.2_5
  • Sun SDK 1.4.2_6
    cpe:2.3:a:sun:sdk:1.4.2_6
  • Sun SDK 1.4.2_7
    cpe:2.3:a:sun:sdk:1.4.2_7
  • Sun SDK 1.4.2_8
    cpe:2.3:a:sun:sdk:1.4.2_8
  • Sun SDK 1.4.2_9
    cpe:2.3:a:sun:sdk:1.4.2_9
  • Sun SDK 1.4.2_10
    cpe:2.3:a:sun:sdk:1.4.2_10
  • Sun SDK 1.4.2_11
    cpe:2.3:a:sun:sdk:1.4.2_11
  • Sun SDK 1.4.2_12
    cpe:2.3:a:sun:sdk:1.4.2_12
  • Sun SDK 1.4.2_13
    cpe:2.3:a:sun:sdk:1.4.2_13
  • Sun SDK 1.4.2_14
    cpe:2.3:a:sun:sdk:1.4.2_14
  • Sun SDK 1.4.2_15
    cpe:2.3:a:sun:sdk:1.4.2_15
  • Sun SDK 1.4.2_16
    cpe:2.3:a:sun:sdk:1.4.2_16
  • Sun SDK1.4.2_17
    cpe:2.3:a:sun:sdk:1.4.2_17
  • Sun SDK1.4.2_18
    cpe:2.3:a:sun:sdk:1.4.2_18
  • Sun SDK 1.4.2_19
    cpe:2.3:a:sun:sdk:1.4.2_19
  • Sun SDK 1.4.2_20
    cpe:2.3:a:sun:sdk:1.4.2_20
  • Sun SDK 1.4.2_21
    cpe:2.3:a:sun:sdk:1.4.2_21
  • SDK 1.4.2_22
    cpe:2.3:a:sun:sdk:1.4.2_22
  • Sun SDK 1.4.2_23
    cpe:2.3:a:sun:sdk:1.4.2_23
  • Sun SDK 1.4.2_24
    cpe:2.3:a:sun:sdk:1.4.2_24
  • Sun SDK 1.4.2_25
    cpe:2.3:a:sun:sdk:1.4.2_25
  • Sun SDK 1.4.2_26
    cpe:2.3:a:sun:sdk:1.4.2_26
  • Sun SDK 1.4.2_27
    cpe:2.3:a:sun:sdk:1.4.2_27
  • Sun JRE 1.5.0
    cpe:2.3:a:sun:jre:1.5.0
  • Sun JRE 1.5.0_1 (JRE 5.0 Update 1)
    cpe:2.3:a:sun:jre:1.5.0:update1
  • Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
    cpe:2.3:a:sun:jre:1.5.0:update10
  • Sun JRE 1.5.0_11 (JRE 5.0 Update 11)
    cpe:2.3:a:sun:jre:1.5.0:update11
  • Sun JRE 1.5.0_12 (JRE 5.0 Update 12)
    cpe:2.3:a:sun:jre:1.5.0:update12
  • Sun JRE 1.5.0_13 (JRE 5.0 Update 13)
    cpe:2.3:a:sun:jre:1.5.0:update13
  • Sun JRE 1.5.0_14 (JRE 5.0 Update 14)
    cpe:2.3:a:sun:jre:1.5.0:update14
  • Sun JRE 1.5.0_15 (JRE 5.0 Update 15)
    cpe:2.3:a:sun:jre:1.5.0:update15
  • Sun JRE 1.5.0_16 (JRE 5.0 Update 16)
    cpe:2.3:a:sun:jre:1.5.0:update16
  • Sun JRE 1.5.0_17 (JRE 5.0 Update 17)
    cpe:2.3:a:sun:jre:1.5.0:update17
  • Sun JRE 1.5.0_18 (JRE 5.0 Update 18)
    cpe:2.3:a:sun:jre:1.5.0:update18
  • Sun JRE 1.5.0_19 (JRE 5.0 Update 19)
    cpe:2.3:a:sun:jre:1.5.0:update19
  • Sun JRE 1.5.0_2 (JRE 5.0 Update 2)
    cpe:2.3:a:sun:jre:1.5.0:update2
  • Sun JRE 1.5.0_20 (JRE 5.0 Update 20)
    cpe:2.3:a:sun:jre:1.5.0:update20
  • Sun JRE 1.5.0_21 (JRE 5.0 Update 21)
    cpe:2.3:a:sun:jre:1.5.0:update21
  • Sun JRE 1.5.0_22 (JRE 5.0 Update 22)
    cpe:2.3:a:sun:jre:1.5.0:update22
  • Sun JRE 1.5.0_23 (JRE 5.0 Update 23)
    cpe:2.3:a:sun:jre:1.5.0:update23
  • Sun JRE 1.5.0_24 (JRE 5.0 Update 24)
    cpe:2.3:a:sun:jre:1.5.0:update24
  • Sun JRE 1.5.0_25 (JRE 5.0 Update 25)
    cpe:2.3:a:sun:jre:1.5.0:update25
  • Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
    cpe:2.3:a:sun:jre:1.5.0:update3
  • Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
    cpe:2.3:a:sun:jre:1.5.0:update4
  • Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
    cpe:2.3:a:sun:jre:1.5.0:update5
  • Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
    cpe:2.3:a:sun:jre:1.5.0:update6
  • Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
    cpe:2.3:a:sun:jre:1.5.0:update7
  • Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
    cpe:2.3:a:sun:jre:1.5.0:update8
  • Sun JRE 1.5.0_9 (JRE 5.0 Update 9)
    cpe:2.3:a:sun:jre:1.5.0:update9
  • Sun JRE 1.4.2
    cpe:2.3:a:sun:jre:1.4.2
  • Sun JRE 1.4.2_1
    cpe:2.3:a:sun:jre:1.4.2_1
  • Sun JRE 1.4.2_2
    cpe:2.3:a:sun:jre:1.4.2_2
  • Sun JRE 1.4.2_3
    cpe:2.3:a:sun:jre:1.4.2_3
  • Sun JRE 1.4.2_4
    cpe:2.3:a:sun:jre:1.4.2_4
  • Sun JRE 1.4.2_5
    cpe:2.3:a:sun:jre:1.4.2_5
  • Sun JRE 1.4.2_6
    cpe:2.3:a:sun:jre:1.4.2_6
  • Sun JRE 1.4.2_7
    cpe:2.3:a:sun:jre:1.4.2_7
  • Sun JRE 1.4.2_8
    cpe:2.3:a:sun:jre:1.4.2_8
  • Sun JRE 1.4.2_9
    cpe:2.3:a:sun:jre:1.4.2_9
  • Sun JRE 1.4.2_10
    cpe:2.3:a:sun:jre:1.4.2_10
  • Sun JRE 1.4.2_11
    cpe:2.3:a:sun:jre:1.4.2_11
  • Sun JRE 1.4.2_12
    cpe:2.3:a:sun:jre:1.4.2_12
  • Sun JRE 1.4.2_13
    cpe:2.3:a:sun:jre:1.4.2_13
  • Sun JRE 1.4.2_14
    cpe:2.3:a:sun:jre:1.4.2_14
  • Sun JRE 1.4.2_15
    cpe:2.3:a:sun:jre:1.4.2_15
  • Sun JRE 1.4.2_16
    cpe:2.3:a:sun:jre:1.4.2_16
  • Sun JRE 1.4.2_17
    cpe:2.3:a:sun:jre:1.4.2_17
  • Sun JRE 1.4.2_18
    cpe:2.3:a:sun:jre:1.4.2_18
  • Sun JRE 1.4.2_19
    cpe:2.3:a:sun:jre:1.4.2_19
  • Sun JRE 1.4.2_20
    cpe:2.3:a:sun:jre:1.4.2_20
  • Sun JRE 1.4.2_21
    cpe:2.3:a:sun:jre:1.4.2_21
  • Sun JRE 1.4.2_22
    cpe:2.3:a:sun:jre:1.4.2_22
  • Sun JRE 1.4.2_23
    cpe:2.3:a:sun:jre:1.4.2_23
  • Sun JRE 1.4.2_24
    cpe:2.3:a:sun:jre:1.4.2_24
  • Sun JRE 1.4.2_25
    cpe:2.3:a:sun:jre:1.4.2_25
  • Sun JRE 1.4.2_26
    cpe:2.3:a:sun:jre:1.4.2_26
  • Sun JRE 1.4.2_27
    cpe:2.3:a:sun:jre:1.4.2_27
  • Sun JDK 1.3.0
    cpe:2.3:a:sun:jdk:1.3.0
  • Sun SDK 1.3.0_01
    cpe:2.3:a:sun:jdk:1.3.0_01
  • Sun SDK 1.3.0_02
    cpe:2.3:a:sun:jdk:1.3.0_02
  • Sun SDK 1.3.0_03
    cpe:2.3:a:sun:jdk:1.3.0_03
  • Sun SDK 1.3.0_04
    cpe:2.3:a:sun:jdk:1.3.0_04
  • Sun SDK 1.3.0_05
    cpe:2.3:a:sun:jdk:1.3.0_05
  • Sun JDK 1.3.1
    cpe:2.3:a:sun:jdk:1.3.1
  • Sun JDK 1.3.1_01
    cpe:2.3:a:sun:jdk:1.3.1_01
  • Sun JDK 1.3.1_01a
    cpe:2.3:a:sun:jdk:1.3.1_01a
  • Sun JDK 1.3.1_02
    cpe:2.3:a:sun:jdk:1.3.1_02
  • Sun JDK 1.3.1_03
    cpe:2.3:a:sun:jdk:1.3.1_03
  • Sun JDK 1.3.1_04
    cpe:2.3:a:sun:jdk:1.3.1_04
  • Sun JDK 1.3.1_05
    cpe:2.3:a:sun:jdk:1.3.1_05
  • Sun JDK 1.3.1_06
    cpe:2.3:a:sun:jdk:1.3.1_06
  • Sun JDK 1.3.1_07
    cpe:2.3:a:sun:jdk:1.3.1_07
  • Sun JDK 1.3.1_08
    cpe:2.3:a:sun:jdk:1.3.1_08
  • Sun JDK 1.3.1_09
    cpe:2.3:a:sun:jdk:1.3.1_09
  • Sun JDK 1.3.1_10
    cpe:2.3:a:sun:jdk:1.3.1_10
  • Sun JDK 1.3.1_11
    cpe:2.3:a:sun:jdk:1.3.1_11
  • Sun JDK 1.3.1_12
    cpe:2.3:a:sun:jdk:1.3.1_12
  • Sun JDK 1.3.1_13
    cpe:2.3:a:sun:jdk:1.3.1_13
  • Sun JDK 1.3.1_14
    cpe:2.3:a:sun:jdk:1.3.1_14
  • Sun JDK 1.3.1_15
    cpe:2.3:a:sun:jdk:1.3.1_15
  • Sun JDK 1.3.1_16
    cpe:2.3:a:sun:jdk:1.3.1_16
  • Sun JDK 1.3.1_17
    cpe:2.3:a:sun:jdk:1.3.1_17
  • Sun JDK 1.3.1_18
    cpe:2.3:a:sun:jdk:1.3.1_18
  • Sun JDK 1.3.1_19
    cpe:2.3:a:sun:jdk:1.3.1_19
  • Sun JDK 1.3.1_20
    cpe:2.3:a:sun:jdk:1.3.1_20
  • Sun JDK 1.3.1_21
    cpe:2.3:a:sun:jdk:1.3.1_21
  • Sun JDK 1.3.1_22
    cpe:2.3:a:sun:jdk:1.3.1_22
  • Sun JDK 1.3.1_23
    cpe:2.3:a:sun:jdk:1.3.1_23
  • Sun JDK 1.3.1_24
    cpe:2.3:a:sun:jdk:1.3.1_24
  • Sun JDK 1.3.1_25
    cpe:2.3:a:sun:jdk:1.3.1_25
  • Sun JDK 1.3.1_26
    cpe:2.3:a:sun:jdk:1.3.1_26
  • Sun JDK 1.3.1_27
    cpe:2.3:a:sun:jdk:1.3.1_27
  • Sun JDK 1.3.1_28
    cpe:2.3:a:sun:jdk:1.3.1_28
  • Sun J2RE 1.3.0
    cpe:2.3:a:sun:jre:1.3.0
  • Sun J2RE 1.3.0_01
    cpe:2.3:a:sun:jre:1.3.0:update1
  • Sun J2RE 1.3.0_02
    cpe:2.3:a:sun:jre:1.3.0:update2
  • Sun J2RE 1.3.0_03
    cpe:2.3:a:sun:jre:1.3.0:update3
  • Sun J2RE 1.3.0_04
    cpe:2.3:a:sun:jre:1.3.0:update4
  • Sun J2RE 1.3.0_05
    cpe:2.3:a:sun:jre:1.3.0:update5
  • Sun J2RE 1.3.1
    cpe:2.3:a:sun:jre:1.3.1
  • Sun JRE 1.3.1_01
    cpe:2.3:a:sun:jre:1.3.1:update1
  • Sun JRE 1.3.1_2
    cpe:2.3:a:sun:jre:1.3.1:update2
  • Sun JRE 1.3.1_2
    cpe:2.3:a:sun:jre:1.3.1_2
  • Sun JRE 1.3.1_03
    cpe:2.3:a:sun:jre:1.3.1_03
  • Sun JRE 1.3.1_04
    cpe:2.3:a:sun:jre:1.3.1_04
  • Sun JRE 1.3.1_05
    cpe:2.3:a:sun:jre:1.3.1_05
  • Sun JRE 1.3.1_06
    cpe:2.3:a:sun:jre:1.3.1_06
  • Sun JRE 1.3.1_07
    cpe:2.3:a:sun:jre:1.3.1_07
  • Sun JRE 1.3.1_08
    cpe:2.3:a:sun:jre:1.3.1_08
  • Sun JRE 1.3.1_09
    cpe:2.3:a:sun:jre:1.3.1_09
  • Sun JRE 1.3.1_10
    cpe:2.3:a:sun:jre:1.3.1_10
  • Sun JRE 1.3.1_11
    cpe:2.3:a:sun:jre:1.3.1_11
  • Sun JRE 1.3.1_12
    cpe:2.3:a:sun:jre:1.3.1_12
  • Sun JRE 1.3.1_13
    cpe:2.3:a:sun:jre:1.3.1_13
  • Sun JRE 1.3.1_14
    cpe:2.3:a:sun:jre:1.3.1_14
  • Sun JRE 1.3.1_15
    cpe:2.3:a:sun:jre:1.3.1_15
  • Sun JRE 1.3.1_16
    cpe:2.3:a:sun:jre:1.3.1_16
  • Sun JRE 1.3.1_17
    cpe:2.3:a:sun:jre:1.3.1_17
  • Sun JRE 1.3.1_18
    cpe:2.3:a:sun:jre:1.3.1_18
  • Sun JRE 1.3.1_19
    cpe:2.3:a:sun:jre:1.3.1_19
  • Sun JRE 1.3.1_20
    cpe:2.3:a:sun:jre:1.3.1_20
  • Sun JRE 1.3.1_21
    cpe:2.3:a:sun:jre:1.3.1_21
  • Sun JRE 1.3.1_22
    cpe:2.3:a:sun:jre:1.3.1_22
  • Sun JRE 1.3.1_23
    cpe:2.3:a:sun:jre:1.3.1_23
  • Sun JRE 1.3.1_24
    cpe:2.3:a:sun:jre:1.3.1_24
  • Sun JRE 1.3.1_25
    cpe:2.3:a:sun:jre:1.3.1_25
  • Sun JRE 1.3.1_26
    cpe:2.3:a:sun:jre:1.3.1_26
  • Sun JRE 1.3.1_27
    cpe:2.3:a:sun:jre:1.3.1_27
  • Sun JRE 1.3.1_28
    cpe:2.3:a:sun:jre:1.3.1_28
  • Sun SDK 1.3.0
    cpe:2.3:a:sun:sdk:1.3.0
  • Sun SDK 1.3.0_01
    cpe:2.3:a:sun:sdk:1.3.0_01
  • Sun SDK 1.3.0_02
    cpe:2.3:a:sun:sdk:1.3.0_02
  • Sun SDK 1.3.0_03
    cpe:2.3:a:sun:sdk:1.3.0_03
  • Sun SDK 1.3.0_04
    cpe:2.3:a:sun:sdk:1.3.0_04
  • Sun SDK 1.3.0_05
    cpe:2.3:a:sun:sdk:1.3.0_05
  • Sun SDK 1.3.1
    cpe:2.3:a:sun:sdk:1.3.1
  • Sun SDK 1.3.1_01
    cpe:2.3:a:sun:sdk:1.3.1_01
  • Sun SDK 1.3.1_01a
    cpe:2.3:a:sun:sdk:1.3.1_01a
  • Sun SDK 1.3.1_02
    cpe:2.3:a:sun:sdk:1.3.1_02
  • Sun SDK 1.3.1_03
    cpe:2.3:a:sun:sdk:1.3.1_03
  • Sun SDK 1.3.1_04
    cpe:2.3:a:sun:sdk:1.3.1_04
  • Sun SDK 1.3.1_05
    cpe:2.3:a:sun:sdk:1.3.1_05
  • Sun SDK 1.3.1_06
    cpe:2.3:a:sun:sdk:1.3.1_06
  • Sun SDK 1.3.1_07
    cpe:2.3:a:sun:sdk:1.3.1_07
  • Sun SDK 1.3.1_08
    cpe:2.3:a:sun:sdk:1.3.1_08
  • Sun SDK 1.3.1_09
    cpe:2.3:a:sun:sdk:1.3.1_09
  • Sun SDK 1.3.1_10
    cpe:2.3:a:sun:sdk:1.3.1_10
  • Sun SDK 1.3.1_11
    cpe:2.3:a:sun:sdk:1.3.1_11
  • Sun SDK 1.3.1_12
    cpe:2.3:a:sun:sdk:1.3.1_12
  • Sun SDK 1.3.1_13
    cpe:2.3:a:sun:sdk:1.3.1_13
  • Sun SDK 1.3.1_14
    cpe:2.3:a:sun:sdk:1.3.1_14
  • Sun SDK 1.3.1_15
    cpe:2.3:a:sun:sdk:1.3.1_15
  • Sun SDK 1.3.1_16
    cpe:2.3:a:sun:sdk:1.3.1_16
  • Sun SDK 1.3.1_17
    cpe:2.3:a:sun:sdk:1.3.1_17
  • Sun SDK 1.3.1_18
    cpe:2.3:a:sun:sdk:1.3.1_18
  • Sun SDK 1.3.1_19
    cpe:2.3:a:sun:sdk:1.3.1_19
  • Sun SDK 1.3.1_20
    cpe:2.3:a:sun:sdk:1.3.1_20
  • Sun SDK 1.3.1_21
    cpe:2.3:a:sun:sdk:1.3.1_21
  • Sun SDK 1.3.1_22
    cpe:2.3:a:sun:sdk:1.3.1_22
  • Sun SDK 1.3.1_23
    cpe:2.3:a:sun:sdk:1.3.1_23
  • Sun SDK 1.3.1_24
    cpe:2.3:a:sun:sdk:1.3.1_24
  • Sun SDK 1.3.1_25
    cpe:2.3:a:sun:sdk:1.3.1_25
  • Sun SDK 1.3.1_26
    cpe:2.3:a:sun:sdk:1.3.1_26
  • Sun SDK 1.3.1_27
    cpe:2.3:a:sun:sdk:1.3.1_27
  • Sun SDK 1.3.1_28
    cpe:2.3:a:sun:sdk:1.3.1_28
CVSS
Base: 6.8 (as of 19-10-2010 - 22:46)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-7350.NASL
    description IBM Java 5 was updated to SR 12 FixPack 3, fixing bugs and security issues. Reportedly fixed were CVE-2010-3553 / CVE-2010-3557 / CVE-2010-3571 / CVE-2010-4476. For more information please check: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52737
    published 2011-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52737
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7350)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0169.NASL
    description Updated java-1.5.0-ibm packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes multiple vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2010-3553, CVE-2010-3557, CVE-2010-3571) This update also fixes the following bug : * An error in the java-1.5.0-ibm RPM spec file caused an incorrect path to be included in HtmlConverter, preventing it from running. (BZ#659710) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP3 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 51589
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51589
    title RHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:0169)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12683.NASL
    description IBM Java 5 was updated to SR 12 FixPack 3, fixing bugs and security issues. Reportedly fixed were CVE-2010-3553, CVE-2010-3557, CVE-2010-3571 and CVE-2010-4476. For more information please check: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52702
    published 2011-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52702
    title SuSE9 Security Update : IBM Java (YOU Patch Number 12683)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 76303
    published 2014-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76303
    title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0880.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java release. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 63983
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63983
    title RHEL 5 : IBM Java Runtime (RHSA-2011:0880)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-SUN-101019.NASL
    description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html
    last seen 2019-02-21
    modified 2013-11-19
    plugin id 50919
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50919
    title SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0987.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574) This update also fixes the following bugs : * An error in the java-1.6.0-ibm RPM spec file caused an incorrect path to be included in HtmlConverter, preventing it from running. (BZ#659716) * On AMD64 and Intel 64 systems, if only the 64-bit java-1.6.0-ibm packages were installed, IBM Java 6 Web Start was not available as an application that could open JNLP (Java Network Launching Protocol) files. This affected file management and web browser tools. Users had to manually open them with the '/usr/lib/jvm/jre-1.6.0-ibm.x86_64/bin/javaws' command. This update resolves this issue. (BZ#633341) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9 Java release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 51197
    published 2010-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51197
    title RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0865.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the 'chunked' transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) HttpURLConnection improperly checked whether the calling code was granted the 'allowHttpTrace' permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574) HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573) The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564) The java-1.6.0-openjdk packages shipped with the GA release of Red Hat Enterprise Linux 6 mitigated a man-in-the-middle attack in the way the TLS/SSL protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) The NetworkInterface class improperly checked the network 'connect' permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551) Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548) Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the 'appletviewer' application. Bug fixes : * One defense in depth patch. (BZ#639922) * Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#642779)
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 50637
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50637
    title RHEL 6 : java-1.6.0-openjdk (RHSA-2010:0865)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0768.NASL
    description From Red Hat Security Advisory 2010:0768 : Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the 'chunked' transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) HttpURLConnection improperly checked whether the calling code was granted the 'allowHttpTrace' permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574) HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573) The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564) The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) The NetworkInterface class improperly checked the network 'connect' permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551) Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548) Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the 'appletviewer' application. Bug fixes : * This update provides one defense in depth patch. (BZ#639922) * Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#618290)
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 68117
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68117
    title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0768)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0768.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the 'chunked' transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) HttpURLConnection improperly checked whether the calling code was granted the 'allowHttpTrace' permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574) HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573) The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564) The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) The NetworkInterface class improperly checked the network 'connect' permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551) Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548) Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the 'appletviewer' application. Bug fixes : * This update provides one defense in depth patch. (BZ#639922) * Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#618290)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 50003
    published 2010-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50003
    title CentOS 5 : java-1.6.0-openjdk (CESA-2010:0768)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16312.NASL
    description - Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation - Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) - Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) - Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) - Bug #642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) - Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) - Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672) - Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) - Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) - Bug #639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060) - Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023) - Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285) - Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) - Bug #639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) - Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 50007
    published 2010-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50007
    title Fedora 14 : java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (2010-16312)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101110_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL
    description defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the 'chunked' transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) HttpURLConnection improperly checked whether the calling code was granted the 'allowHttpTrace' permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574) HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573) The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564) The java-1.6.0-openjdk packages shipped with the GA release of Red Hat Enterprise Linux 6 mitigated a man-in-the-middle attack in the way the TLS/SSL protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) The NetworkInterface class improperly checked the network 'connect' permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551) Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548) Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the 'appletviewer' application. Bug fixes : - One defense in depth patch. (BZ#639922) - Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#642779) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60892
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60892
    title Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-SUN-101019.NASL
    description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 50299
    published 2010-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50299
    title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_JAVA-1_6_0-SUN-101019.NASL
    description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 75540
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75540
    title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_OCT_2010_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 64843
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64843
    title Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16240.NASL
    description - Thu Oct 7 2010 Jiri Vanek -1:1.6.0-41.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 - Mon Jul 26 2010 Martin Matejovic -1:1.6.0-40.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 - Mon Jun 14 2010 Martin Matejovic -1:1.6.0.-39.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? in URL - Added java-1.6.0-openjdk-plugin.patch - Resovles: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 - Tue Apr 20 2010 Martin Matejovic - 1:1.6.0-38.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Removed java-1.6.0-openjdk-pulse-audio-libs.patch - Enabled NPPlugin - Tue Mar 30 2010 Martin Matejovic - 1:1.6.0-37.b17 - Added java-1.6.0-openjdk-securitypatches-20100323.patch [plus 62 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 50295
    published 2010-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50295
    title Fedora 12 : java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12 (2010-16240)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0003.NASL
    description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 51971
    published 2011-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51971
    title VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_6_0-SUN-101019.NASL
    description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 50298
    published 2010-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50298
    title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0768.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the 'chunked' transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) HttpURLConnection improperly checked whether the calling code was granted the 'allowHttpTrace' permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574) HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573) The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564) The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) The NetworkInterface class improperly checked the network 'connect' permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551) Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548) Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the 'appletviewer' application. Bug fixes : * This update provides one defense in depth patch. (BZ#639922) * Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#618290)
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 49974
    published 2010-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49974
    title RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0768)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0786.NASL
    description Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP6 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3556, CVE-2010-3557, CVE-2010-3562, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572) The RHSA-2010:0155 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP6 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 50078
    published 2010-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50078
    title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0786)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_4_2-IBM-101112.NASL
    description IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 51605
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51605
    title SuSE 11.1 Security Update : IBM Java 1.4.2 (SAT Patch Number 3528)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0013.NASL
    description a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 56665
    published 2011-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56665
    title VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16294.NASL
    description - Thu Oct 7 2010 Jiri Vanek -1:1.6.0-43.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 - Mon Jul 26 2010 Martin Matejovic -1:1.6.0-42.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 - Mon Jun 14 2010 Martin Matejovic -1:1.6.0.-41.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? in URL - Added java-1.6.0-openjdk-plugin.patch - Resovles: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 - Fri Jun 11 2010 Martin Matejovic - 1:1.6.0-40.b18 - Rebuild - Tue Jun 8 2010 Martin Matejovic - 1:1.6.0-39.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added visualvm_122 - Added netbeans-profiler-visualvm_release68_1.tar.gz - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Added java-1.6.0-openjdk-visualvm-update.patch - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Resolved: rhbz#595191 - Resovles: rhbz#596850 - Resolves: rhbz#597134 - Resolves: rhbz#580432 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 50035
    published 2010-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50035
    title Fedora 13 : java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13 (2010-16294)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-101220.NASL
    description IBM Java 6 SR9 was released which fixes a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2018-09-01
    modified 2018-07-02
    plugin id 51667
    published 2011-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51667
    title SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12658.NASL
    description IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues. Following CVEs are tracked for this update: CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3556 CVE-2010-3557 CVE-2010-3562 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 51338
    published 2010-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51338
    title SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12658)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201111-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56724
    published 2011-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56724
    title GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101013_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
    description defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the 'chunked' transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) HttpURLConnection improperly checked whether the calling code was granted the 'allowHttpTrace' permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574) HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573) The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564) The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) The NetworkInterface class improperly checked the network 'connect' permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551) Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548) Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the 'appletviewer' application. Bug fixes : - This update provides one defense in depth patch. (BZ#639922) - Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#618290)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60868
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60868
    title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_OCT_2010.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 49996
    published 2010-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49996
    title Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0770.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page, listed in the References section. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574) The RHSA-2010:0337 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 49990
    published 2010-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49990
    title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-101103.NASL
    description Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53662
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53662
    title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101014_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description This update fixes several vulnerabilities in the Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574) The RHSA-2010:0337 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) All running instances of Sun Java must be restarted for the update to take effect. NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign this package without breaking it.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60869
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60869
    title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89681
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89681
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_6_0-SUN-7204.NASL
    description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked for this update: CVE-2010-3556 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3567 / CVE-2010-3571 / CVE-2010-3554 / CVE-2010-3563 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3558 / CVE-2010-3552 / CVE-2010-3559 / CVE-2010-3572 / CVE-2010-3553 / CVE-2010-3555 / CVE-2010-3550 / CVE-2010-3570 / CVE-2010-3561 / CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3549 / CVE-2010-3557 / CVE-2010-3541 / CVE-2010-3573 / CVE-2010-3574 / CVE-2010-3548 / CVE-2010-3551 / CVE-2010-3560
    last seen 2019-02-21
    modified 2013-11-19
    plugin id 51751
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51751
    title SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0873.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556, CVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP2 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 50641
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50641
    title RHEL 6 : java-1.5.0-ibm (RHSA-2010:0873)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_JAVA-1_6_0-OPENJDK-101103.NASL
    description Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75534
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75534
    title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1010-1.NASL
    description Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. (CVE-2009-3555) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3541) It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. (CVE-2010-3548) It was discovered that HttpURLConnection improperly handled the 'chunked' transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) It was discovered that the NetworkInterface class improperly checked the network 'connect' permissions for local network addresses. This could allow an attacker to read local network addresses. (CVE-2010-3551) It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. (CVE-2010-3553) It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. (CVE-2010-3557) It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) It was discovered that there exists a double free in java's indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. (CVE-2010-3562) It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. (CVE-2010-3564) It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3565) It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3566) It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. This could allow an attacker to execute arbitrary code with the privileges of the user running a java application. (CVE-2010-3567) It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. (CVE-2010-3568) It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3569) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3573) It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the 'allowHttpTrace' permission, allowing an attacker to create HTTP TRACE requests. (CVE-2010-3574). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 50410
    published 2010-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50410
    title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1010-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-OPENJDK-101103.NASL
    description Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53731
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53731
    title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0003_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89674
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89674
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
oval via4
  • accepted 2015-06-01T04:00:04.391-04:00
    class vulnerability
    contributors
    • name SecPod Team
      organization SecPod Technologies
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    definition_extensions
    • comment Java Development Kit is installed
      oval oval:org.mitre.oval:def:12203
    • comment Java SE Development Kit 6 is installed
      oval oval:org.mitre.oval:def:15831
    • comment Java Runtime Environment is installed
      oval oval:org.mitre.oval:def:11627
    • comment Java SE Runtime Environment 6 is installed
      oval oval:org.mitre.oval:def:16362
    description Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
    family windows
    id oval:org.mitre.oval:def:11268
    status accepted
    submitted 2010-11-19T05:18:13
    title Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
    version 10
  • accepted 2015-04-20T04:00:12.439-04:00
    class vulnerability
    contributors
    • name Varun Narula
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
    family unix
    id oval:org.mitre.oval:def:11930
    status accepted
    submitted 2011-02-02T17:07:54.000-05:00
    title HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
    version 45
redhat via4
advisories
  • rhsa
    id RHSA-2010:0768
  • rhsa
    id RHSA-2010:0770
  • rhsa
    id RHSA-2010:0786
  • rhsa
    id RHSA-2010:0865
  • rhsa
    id RHSA-2010:0986
  • rhsa
    id RHSA-2010:0987
  • rhsa
    id RHSA-2011:0169
  • rhsa
    id RHSA-2011:0880
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.31.b17.el6_0
refmap via4
bid 44014
bugtraq 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
confirm
fedora
  • FEDORA-2010-16240
  • FEDORA-2010-16294
  • FEDORA-2010-16312
gentoo GLSA-201406-32
hp
  • HPSBMU02799
  • HPSBUX02608
  • SSRT100333
secunia
  • 41972
  • 42974
  • 43005
  • 44954
suse
  • SUSE-SA:2010:061
  • SUSE-SR:2010:019
ubuntu USN-1010-1
vupen
  • ADV-2010-2745
  • ADV-2011-0183
Last major update 22-08-2016 - 22:01
Published 19-10-2010 - 18:00
Last modified 30-10-2018 - 12:26
Back to Top