CVE-2010-4462 - Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Busin

CVE-2010-4462

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473.

References

Vulnerable Configurations

Sun JRE 1.6.0
cpe:2.3:a:sun:jre:1.6.0
Sun JRE 1.6.0 Update 1
cpe:2.3:a:sun:jre:1.6.0:update_1
Sun JRE 1.6.0 Update 10
cpe:2.3:a:sun:jre:1.6.0:update_10
Sun JRE 1.6.0 Update 11
cpe:2.3:a:sun:jre:1.6.0:update_11
Sun JRE 1.6.0 Update 12
cpe:2.3:a:sun:jre:1.6.0:update_12
Sun JRE 1.6.0 Update 13
cpe:2.3:a:sun:jre:1.6.0:update_13
Sun JRE 1.6.0 Update 14
cpe:2.3:a:sun:jre:1.6.0:update_14
Sun JRE 1.6.0 Update 15
cpe:2.3:a:sun:jre:1.6.0:update_15
Sun JRE 1.6.0 Update 16
cpe:2.3:a:sun:jre:1.6.0:update_16
Sun JRE 1.6.0 Update 17
cpe:2.3:a:sun:jre:1.6.0:update_17
Sun JRE 1.6.0 Update 18
cpe:2.3:a:sun:jre:1.6.0:update_18
Sun JRE 1.6.0 Update 19
cpe:2.3:a:sun:jre:1.6.0:update_19
Sun JRE 1.6.0 Update 2
cpe:2.3:a:sun:jre:1.6.0:update_2
Sun JRE 1.6.0 Update 20
cpe:2.3:a:sun:jre:1.6.0:update_20
Sun JRE 1.6.0 Update 21
cpe:2.3:a:sun:jre:1.6.0:update_21
cpe:2.3:a:sun:jre:1.6.0:update_22
cpe:2.3:a:sun:jre:1.6.0:update_22
cpe:2.3:a:sun:jre:1.6.0:update_23
cpe:2.3:a:sun:jre:1.6.0:update_23
Sun JRE 1.6.0 Update 3
cpe:2.3:a:sun:jre:1.6.0:update_3
Sun JRE 1.6.0 Update 4
cpe:2.3:a:sun:jre:1.6.0:update_4
Sun JRE 1.6.0 Update 5
cpe:2.3:a:sun:jre:1.6.0:update_5
Sun JRE 1.6.0 Update 6
cpe:2.3:a:sun:jre:1.6.0:update_6
Sun JRE 1.6.0 Update 7
cpe:2.3:a:sun:jre:1.6.0:update_7
Sun JDK 1.6.0
cpe:2.3:a:sun:jdk:1.6.0
Sun JDK 6 Update 1
cpe:2.3:a:sun:jdk:1.6.0:update1
Sun JDK 1.6.0_01-b06
cpe:2.3:a:sun:jdk:1.6.0:update1_b06
Sun JDK 6 Update 2
cpe:2.3:a:sun:jdk:1.6.0:update2
Sun JDK 1.6.0 Update 10
cpe:2.3:a:sun:jdk:1.6.0:update_10
Sun JDK 1.6.0 Update 11
cpe:2.3:a:sun:jdk:1.6.0:update_11
Sun JDK 1.6.0 Update 12
cpe:2.3:a:sun:jdk:1.6.0:update_12
Sun JDK 1.6.0 Update 13
cpe:2.3:a:sun:jdk:1.6.0:update_13
Sun JDK 1.6.0 Update 14
cpe:2.3:a:sun:jdk:1.6.0:update_14
Sun JDK 1.6.0 Update 15
cpe:2.3:a:sun:jdk:1.6.0:update_15
Sun JDK 1.6.0 Update 16
cpe:2.3:a:sun:jdk:1.6.0:update_16
Sun JDK 1.6.0 Update 17
cpe:2.3:a:sun:jdk:1.6.0:update_17
Sun JDK 1.6.0 Update 18
cpe:2.3:a:sun:jdk:1.6.0:update_18
Sun JDK 1.6.0 Update 19
cpe:2.3:a:sun:jdk:1.6.0:update_19
Sun JDK 1.6.0 Update 20
cpe:2.3:a:sun:jdk:1.6.0:update_20
Sun JDK 1.6.0 Update 21
cpe:2.3:a:sun:jdk:1.6.0:update_21
cpe:2.3:a:sun:jdk:1.6.0:update_22
cpe:2.3:a:sun:jdk:1.6.0:update_22
cpe:2.3:a:sun:jdk:1.6.0:update_23
cpe:2.3:a:sun:jdk:1.6.0:update_23
Sun JDK 1.6.0 Update 3
cpe:2.3:a:sun:jdk:1.6.0:update_3
Sun JDK 1.6.0 Update 4
cpe:2.3:a:sun:jdk:1.6.0:update_4
Sun JDK 1.6.0 Update 5
cpe:2.3:a:sun:jdk:1.6.0:update_5
Sun JDK 1.6.0 Update 6
cpe:2.3:a:sun:jdk:1.6.0:update_6
Sun JDK 1.6.0 Update 7
cpe:2.3:a:sun:jdk:1.6.0:update_7
Sun JDK 1.5.0
cpe:2.3:a:sun:jdk:1.5.0
Sun JDK 5.0 Update1
cpe:2.3:a:sun:jdk:1.5.0:update1
Sun JDK 5.0 Update10
cpe:2.3:a:sun:jdk:1.5.0:update10
Sun JDK 5.0 Update11
cpe:2.3:a:sun:jdk:1.5.0:update11
Sun JDK 5.0 Update12
cpe:2.3:a:sun:jdk:1.5.0:update12
Sun JDK 5.0 Update 13
cpe:2.3:a:sun:jdk:1.5.0:update13
Sun JDK 5.0 Update 14
cpe:2.3:a:sun:jdk:1.5.0:update14
Sun JDK 5.0 Update 15
cpe:2.3:a:sun:jdk:1.5.0:update15
Sun JDK 5.0 Update 16
cpe:2.3:a:sun:jdk:1.5.0:update16
Sun JDK 5.0 Update 17
cpe:2.3:a:sun:jdk:1.5.0:update17
Sun JDK 5.0 Update 18
cpe:2.3:a:sun:jdk:1.5.0:update18
Sun JDK 5.0 Update 19
cpe:2.3:a:sun:jdk:1.5.0:update19
Sun JDK 5.0 Update2
cpe:2.3:a:sun:jdk:1.5.0:update2
Sun JDK 5.0 Update 20
cpe:2.3:a:sun:jdk:1.5.0:update20
Sun JDK 5.0 Update 21
cpe:2.3:a:sun:jdk:1.5.0:update21
Sun JDK 5.0 Update 22
cpe:2.3:a:sun:jdk:1.5.0:update22
Sun JDK 5.0 Update 23
cpe:2.3:a:sun:jdk:1.5.0:update23
Sun JDK 5.0 Update 24
cpe:2.3:a:sun:jdk:1.5.0:update24
Sun JDK 5.0 Update 25
cpe:2.3:a:sun:jdk:1.5.0:update25
Sun JDK 5.0 Update 26
cpe:2.3:a:sun:jdk:1.5.0:update26
Sun JDK 5.0 Update 27
cpe:2.3:a:sun:jdk:1.5.0:update27
Sun JDK 5.0 Update3
cpe:2.3:a:sun:jdk:1.5.0:update3
Sun JDK 5.0 Update4
cpe:2.3:a:sun:jdk:1.5.0:update4
Sun JDK 5.0 Update5
cpe:2.3:a:sun:jdk:1.5.0:update5
Sun JDK 1.5.0_6
cpe:2.3:a:sun:jdk:1.5.0:update6
Sun JDK 5.0 Update7
cpe:2.3:a:sun:jdk:1.5.0:update7
Sun JDK 5.0 Update8
cpe:2.3:a:sun:jdk:1.5.0:update8
Sun JDK 5.0 Update9
cpe:2.3:a:sun:jdk:1.5.0:update9
SDK 1.4.2
cpe:2.3:a:sun:sdk:1.4.2
Sun SDK 1.4.2_1
cpe:2.3:a:sun:sdk:1.4.2_1
SDK 1.4.2_02
cpe:2.3:a:sun:sdk:1.4.2_02
Sun SDK 1.4.2_3
cpe:2.3:a:sun:sdk:1.4.2_3
Sun SDK 1.4.2_4
cpe:2.3:a:sun:sdk:1.4.2_4
Sun SDK 1.4.2_5
cpe:2.3:a:sun:sdk:1.4.2_5
Sun SDK 1.4.2_6
cpe:2.3:a:sun:sdk:1.4.2_6
Sun SDK 1.4.2_7
cpe:2.3:a:sun:sdk:1.4.2_7
Sun SDK 1.4.2_8
cpe:2.3:a:sun:sdk:1.4.2_8
Sun SDK 1.4.2_9
cpe:2.3:a:sun:sdk:1.4.2_9
Sun SDK 1.4.2_10
cpe:2.3:a:sun:sdk:1.4.2_10
Sun SDK 1.4.2_11
cpe:2.3:a:sun:sdk:1.4.2_11
Sun SDK 1.4.2_12
cpe:2.3:a:sun:sdk:1.4.2_12
Sun SDK 1.4.2_13
cpe:2.3:a:sun:sdk:1.4.2_13
Sun SDK 1.4.2_14
cpe:2.3:a:sun:sdk:1.4.2_14
Sun SDK 1.4.2_15
cpe:2.3:a:sun:sdk:1.4.2_15
Sun SDK 1.4.2_16
cpe:2.3:a:sun:sdk:1.4.2_16
Sun SDK1.4.2_17
cpe:2.3:a:sun:sdk:1.4.2_17
Sun SDK1.4.2_18
cpe:2.3:a:sun:sdk:1.4.2_18
Sun SDK 1.4.2_19
cpe:2.3:a:sun:sdk:1.4.2_19
Sun SDK 1.4.2_20
cpe:2.3:a:sun:sdk:1.4.2_20
Sun SDK 1.4.2_21
cpe:2.3:a:sun:sdk:1.4.2_21
SDK 1.4.2_22
cpe:2.3:a:sun:sdk:1.4.2_22
Sun SDK 1.4.2_23
cpe:2.3:a:sun:sdk:1.4.2_23
Sun SDK 1.4.2_24
cpe:2.3:a:sun:sdk:1.4.2_24
Sun SDK 1.4.2_25
cpe:2.3:a:sun:sdk:1.4.2_25
Sun SDK 1.4.2_26
cpe:2.3:a:sun:sdk:1.4.2_26
Sun SDK 1.4.2_27
cpe:2.3:a:sun:sdk:1.4.2_27
cpe:2.3:a:sun:sdk:1.4.2_28
cpe:2.3:a:sun:sdk:1.4.2_28
cpe:2.3:a:sun:sdk:1.4.2_29
cpe:2.3:a:sun:sdk:1.4.2_29
Sun JRE 1.5.0
cpe:2.3:a:sun:jre:1.5.0
Sun JRE 1.5.0_1 (JRE 5.0 Update 1)
cpe:2.3:a:sun:jre:1.5.0:update1
Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
cpe:2.3:a:sun:jre:1.5.0:update10
Sun JRE 1.5.0_11 (JRE 5.0 Update 11)
cpe:2.3:a:sun:jre:1.5.0:update11
Sun JRE 1.5.0_12 (JRE 5.0 Update 12)
cpe:2.3:a:sun:jre:1.5.0:update12
Sun JRE 1.5.0_13 (JRE 5.0 Update 13)
cpe:2.3:a:sun:jre:1.5.0:update13
Sun JRE 1.5.0_14 (JRE 5.0 Update 14)
cpe:2.3:a:sun:jre:1.5.0:update14
Sun JRE 1.5.0_15 (JRE 5.0 Update 15)
cpe:2.3:a:sun:jre:1.5.0:update15
Sun JRE 1.5.0_16 (JRE 5.0 Update 16)
cpe:2.3:a:sun:jre:1.5.0:update16
Sun JRE 1.5.0_17 (JRE 5.0 Update 17)
cpe:2.3:a:sun:jre:1.5.0:update17
Sun JRE 1.5.0_18 (JRE 5.0 Update 18)
cpe:2.3:a:sun:jre:1.5.0:update18
Sun JRE 1.5.0_19 (JRE 5.0 Update 19)
cpe:2.3:a:sun:jre:1.5.0:update19
Sun JRE 1.5.0_2 (JRE 5.0 Update 2)
cpe:2.3:a:sun:jre:1.5.0:update2
Sun JRE 1.5.0_20 (JRE 5.0 Update 20)
cpe:2.3:a:sun:jre:1.5.0:update20
Sun JRE 1.5.0_21 (JRE 5.0 Update 21)
cpe:2.3:a:sun:jre:1.5.0:update21
Sun JRE 1.5.0_22 (JRE 5.0 Update 22)
cpe:2.3:a:sun:jre:1.5.0:update22
Sun JRE 1.5.0_23 (JRE 5.0 Update 23)
cpe:2.3:a:sun:jre:1.5.0:update23
Sun JRE 1.5.0_24 (JRE 5.0 Update 24)
cpe:2.3:a:sun:jre:1.5.0:update24
Sun JRE 1.5.0_25 (JRE 5.0 Update 25)
cpe:2.3:a:sun:jre:1.5.0:update25
Sun JRE 1.5.0_26 (JRE 5.0 Update 26)
cpe:2.3:a:sun:jre:1.5.0:update26
Sun JRE 1.5.0_27 (JRE 5.0 Update 27)
cpe:2.3:a:sun:jre:1.5.0:update27
Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
cpe:2.3:a:sun:jre:1.5.0:update3
Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
cpe:2.3:a:sun:jre:1.5.0:update4
Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
cpe:2.3:a:sun:jre:1.5.0:update5
Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
cpe:2.3:a:sun:jre:1.5.0:update6
Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
cpe:2.3:a:sun:jre:1.5.0:update7
Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
cpe:2.3:a:sun:jre:1.5.0:update8
Sun JRE 1.5.0_9 (JRE 5.0 Update 9)
cpe:2.3:a:sun:jre:1.5.0:update9
Sun JRE 1.4.2
cpe:2.3:a:sun:jre:1.4.2
Sun JRE 1.4.2_1
cpe:2.3:a:sun:jre:1.4.2_1
Sun JRE 1.4.2_2
cpe:2.3:a:sun:jre:1.4.2_2
Sun JRE 1.4.2_3
cpe:2.3:a:sun:jre:1.4.2_3
Sun JRE 1.4.2_4
cpe:2.3:a:sun:jre:1.4.2_4
Sun JRE 1.4.2_5
cpe:2.3:a:sun:jre:1.4.2_5
Sun JRE 1.4.2_6
cpe:2.3:a:sun:jre:1.4.2_6
Sun JRE 1.4.2_7
cpe:2.3:a:sun:jre:1.4.2_7
Sun JRE 1.4.2_8
cpe:2.3:a:sun:jre:1.4.2_8
Sun JRE 1.4.2_9
cpe:2.3:a:sun:jre:1.4.2_9
Sun JRE 1.4.2_10
cpe:2.3:a:sun:jre:1.4.2_10
Sun JRE 1.4.2_11
cpe:2.3:a:sun:jre:1.4.2_11
Sun JRE 1.4.2_12
cpe:2.3:a:sun:jre:1.4.2_12
Sun JRE 1.4.2_13
cpe:2.3:a:sun:jre:1.4.2_13
Sun JRE 1.4.2_14
cpe:2.3:a:sun:jre:1.4.2_14
Sun JRE 1.4.2_15
cpe:2.3:a:sun:jre:1.4.2_15
Sun JRE 1.4.2_16
cpe:2.3:a:sun:jre:1.4.2_16
Sun JRE 1.4.2_17
cpe:2.3:a:sun:jre:1.4.2_17
Sun JRE 1.4.2_18
cpe:2.3:a:sun:jre:1.4.2_18
Sun JRE 1.4.2_19
cpe:2.3:a:sun:jre:1.4.2_19
Sun JRE 1.4.2_20
cpe:2.3:a:sun:jre:1.4.2_20
Sun JRE 1.4.2_21
cpe:2.3:a:sun:jre:1.4.2_21
Sun JRE 1.4.2_22
cpe:2.3:a:sun:jre:1.4.2_22
Sun JRE 1.4.2_23
cpe:2.3:a:sun:jre:1.4.2_23
Sun JRE 1.4.2_24
cpe:2.3:a:sun:jre:1.4.2_24
Sun JRE 1.4.2_25
cpe:2.3:a:sun:jre:1.4.2_25
Sun JRE 1.4.2_26
cpe:2.3:a:sun:jre:1.4.2_26
Sun JRE 1.4.2_27
cpe:2.3:a:sun:jre:1.4.2_27
Sun JRE 1.4.2_28
cpe:2.3:a:sun:jre:1.4.2_28
Sun JRE 1.4.2_29
cpe:2.3:a:sun:jre:1.4.2_29

CVSS

Base:	10.0 (as of 18-02-2011 - 12:47)
Impact:
Exploitability:

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

nessus via4

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0880.NASL
description	Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java release. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details.
last seen	2019-01-16
modified	2018-07-25
plugin id	63983
published	2013-01-24
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=63983
title	RHEL 5 : IBM Java Runtime (RHSA-2011:0880)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12706.NASL
description	IBM Java 1.4.2 was updated to SR13 FP9, fixing bugs and security issues. More information can be found on the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
last seen	2019-01-16
modified	2018-08-09
plugin id	53883
published	2011-05-13
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=53883
title	SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12706)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_4_2-IBM-110504.NASL
description	IBM Java 1.4.2 was updated to SR13 FP9, fixing bugs and security issues. More information can be found on the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
last seen	2019-01-16
modified	2018-08-09
plugin id	53891
published	2011-05-13
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=53891
title	SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4481)

NASL family	SuSE Local Security Checks
NASL id	SUSE_JAVA-1_6_0-SUN-7342.NASL
description	Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
last seen	2019-01-16
modified	2013-11-18
plugin id	52068
published	2011-02-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52068
title	SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0490.NASL
description	Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP9 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473, CVE-2010-4475, CVE-2011-0311) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP9 Java release. All running instances of IBM Java must be restarted for this update to take effect.
last seen	2019-01-16
modified	2018-12-20
plugin id	53819
published	2011-05-06
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=53819
title	RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0490)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_10_5_UPDATE9.NASL
description	The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 9. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
last seen	2019-01-16
modified	2018-07-14
plugin id	52587
published	2011-03-09
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52587
title	Mac OS X : Java for Mac OS X 10.5 Update 9

NASL family	Misc.
NASL id	VMWARE_VMSA-2011-0013_REMOTE.NASL
description	The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
last seen	2019-01-16
modified	2018-08-16
plugin id	89681
published	2016-03-04
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=89681
title	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0282.NASL
description	Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page, listed in the References section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
last seen	2019-01-16
modified	2018-11-26
plugin id	52021
published	2011-02-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52021
title	RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_6_0-SUN-110217.NASL
description	Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. The following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
last seen	2019-01-16
modified	2013-11-18
plugin id	52067
published	2011-02-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52067
title	SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_JAVA-1_6_0-SUN-110314.NASL
description	Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
last seen	2019-01-16
modified	2014-06-13
plugin id	75872
published	2014-06-13
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=75872
title	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0357.NASL
description	Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475) Note: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were missing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras. This erratum provides 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras as expected. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9-FP1 Java release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2019-01-16
modified	2018-12-20
plugin id	52701
published	2011-03-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52701
title	RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_FEB_2011_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issues in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
last seen	2019-01-16
modified	2018-11-15
plugin id	64844
published	2013-02-22
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=64844
title	Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_JAVA-1_6_0-SUN-110217.NASL
description	Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
last seen	2019-01-16
modified	2018-11-10
plugin id	75541
published	2014-06-13
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=75541
title	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_6_0-IBM-110307.NASL
description	IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
last seen	2019-01-16
modified	2013-11-18
plugin id	52751
published	2011-03-22
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52751
title	SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201111-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
last seen	2019-01-16
modified	2018-07-11
plugin id	56724
published	2011-11-07
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=56724
title	GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2011-0013.NASL
description	a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
last seen	2019-01-16
modified	2018-09-06
plugin id	56665
published	2011-10-28
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=56665
title	VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_JAVA-1_6_0-SUN-110217.NASL
description	Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
last seen	2019-01-16
modified	2018-11-10
plugin id	53736
published	2011-05-05
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=53736
title	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_FEB_2011.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issue in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
last seen	2019-01-16
modified	2018-11-15
plugin id	52002
published	2011-02-16
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52002
title	Oracle Java SE Multiple Vulnerabilities (February 2011 CPU)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL
description	This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All running instances of Sun Java must be restarted for the update to take effect. NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign this package without breaking it.
last seen	2019-01-16
modified	2018-12-31
plugin id	60964
published	2012-08-01
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=60964
title	Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_10_6_UPDATE4.NASL
description	The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 4. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
last seen	2019-01-16
modified	2018-07-14
plugin id	52588
published	2011-03-09
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52588
title	Mac OS X : Java for Mac OS X 10.6 Update 4

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0364.NASL
description	Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP4 Java release. All running instances of IBM Java must be restarted for this update to take effect.
last seen	2019-01-16
modified	2018-12-20
plugin id	52709
published	2011-03-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=52709
title	RHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:0364)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12691.NASL
description	IBM Java 5 was updated to SR 12 FP 4 fixing various security issues. For more details, please check the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
last seen	2018-09-02
modified	2018-08-09
plugin id	53251
published	2011-04-01
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=53251
title	SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12691)

oval via4

accepted

2015-04-20T04:00:33.930-04:00

class

vulnerability

contributors

name Yamini Mohan R
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:12841

status

accepted

submitted

2011-07-28T11:57:52.000-05:00

title

HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities

version

accepted

2015-03-23T04:00:34.513-04:00

class

vulnerability

contributors

name Aharon Chernin
organization DTCC
name Dragos Prisaca
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Java SE Development Kit 6 is installed
oval oval:org.mitre.oval:def:15831
comment Java SE Runtime Environment 6 is installed
oval oval:org.mitre.oval:def:16362
comment Java SE Runtime Environment 5 is installed
oval oval:org.mitre.oval:def:15748
comment Java SE Development Kit 5 is installed
oval oval:org.mitre.oval:def:16292

description

family

windows

oval:org.mitre.oval:def:14039

status

accepted

submitted

2011-11-25T18:04:14.000-05:00

title

version

redhat via4

advisories

rhsa
id RHSA-2011:0282
rhsa
id RHSA-2011:0880

refmap via4

confirm	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
hp	HPSBMU02797 HPSBMU02799 HPSBUX02777 SSRT100854 SSRT100867
secunia	44954 49198
suse	SUSE-SA:2011:024 SUSE-SU-2011:0823

Last major update

21-11-2016 - 22:00

Published

17-02-2011 - 14:00

Last modified

30-10-2018 - 12:26