ID CVE-2010-4476
Summary The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
References
Vulnerable Configurations
  • Sun JRE 1.6.0
    cpe:2.3:a:sun:jre:1.6.0
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 17
    cpe:2.3:a:sun:jre:1.6.0:update_17
  • Sun JRE 1.6.0 Update 18
    cpe:2.3:a:sun:jre:1.6.0:update_18
  • Sun JRE 1.6.0 Update 19
    cpe:2.3:a:sun:jre:1.6.0:update_19
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 20
    cpe:2.3:a:sun:jre:1.6.0:update_20
  • Sun JRE 1.6.0 Update 21
    cpe:2.3:a:sun:jre:1.6.0:update_21
  • cpe:2.3:a:sun:jre:1.6.0:update_22
    cpe:2.3:a:sun:jre:1.6.0:update_22
  • cpe:2.3:a:sun:jre:1.6.0:update_23
    cpe:2.3:a:sun:jre:1.6.0:update_23
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • Sun JDK 1.6.0
    cpe:2.3:a:sun:jdk:1.6.0
  • Sun JDK 6 Update 1
    cpe:2.3:a:sun:jdk:1.6.0:update1
  • Sun JDK 1.6.0_01-b06
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06
  • Sun JDK 6 Update 2
    cpe:2.3:a:sun:jdk:1.6.0:update2
  • Sun JDK 1.6.0 Update 10
    cpe:2.3:a:sun:jdk:1.6.0:update_10
  • Sun JDK 1.6.0 Update 11
    cpe:2.3:a:sun:jdk:1.6.0:update_11
  • Sun JDK 1.6.0 Update 12
    cpe:2.3:a:sun:jdk:1.6.0:update_12
  • Sun JDK 1.6.0 Update 13
    cpe:2.3:a:sun:jdk:1.6.0:update_13
  • Sun JDK 1.6.0 Update 14
    cpe:2.3:a:sun:jdk:1.6.0:update_14
  • Sun JDK 1.6.0 Update 15
    cpe:2.3:a:sun:jdk:1.6.0:update_15
  • Sun JDK 1.6.0 Update 16
    cpe:2.3:a:sun:jdk:1.6.0:update_16
  • Sun JDK 1.6.0 Update 17
    cpe:2.3:a:sun:jdk:1.6.0:update_17
  • Sun JDK 1.6.0 Update 18
    cpe:2.3:a:sun:jdk:1.6.0:update_18
  • Sun JDK 1.6.0 Update 19
    cpe:2.3:a:sun:jdk:1.6.0:update_19
  • Sun JDK 1.6.0 Update 20
    cpe:2.3:a:sun:jdk:1.6.0:update_20
  • Sun JDK 1.6.0 Update 21
    cpe:2.3:a:sun:jdk:1.6.0:update_21
  • cpe:2.3:a:sun:jdk:1.6.0:update_22
    cpe:2.3:a:sun:jdk:1.6.0:update_22
  • cpe:2.3:a:sun:jdk:1.6.0:update_23
    cpe:2.3:a:sun:jdk:1.6.0:update_23
  • Sun JDK 1.6.0 Update 3
    cpe:2.3:a:sun:jdk:1.6.0:update_3
  • Sun JDK 1.6.0 Update 4
    cpe:2.3:a:sun:jdk:1.6.0:update_4
  • Sun JDK 1.6.0 Update 5
    cpe:2.3:a:sun:jdk:1.6.0:update_5
  • Sun JDK 1.6.0 Update 6
    cpe:2.3:a:sun:jdk:1.6.0:update_6
  • Sun JDK 1.6.0 Update 7
    cpe:2.3:a:sun:jdk:1.6.0:update_7
  • Sun JDK 1.5.0
    cpe:2.3:a:sun:jdk:1.5.0
  • Sun JDK 5.0 Update1
    cpe:2.3:a:sun:jdk:1.5.0:update1
  • Sun JDK 5.0 Update10
    cpe:2.3:a:sun:jdk:1.5.0:update10
  • Sun JDK 5.0 Update11
    cpe:2.3:a:sun:jdk:1.5.0:update11
  • Sun JDK 5.0 Update12
    cpe:2.3:a:sun:jdk:1.5.0:update12
  • Sun JDK 5.0 Update 13
    cpe:2.3:a:sun:jdk:1.5.0:update13
  • Sun JDK 5.0 Update 14
    cpe:2.3:a:sun:jdk:1.5.0:update14
  • Sun JDK 5.0 Update 15
    cpe:2.3:a:sun:jdk:1.5.0:update15
  • Sun JDK 5.0 Update 16
    cpe:2.3:a:sun:jdk:1.5.0:update16
  • Sun JDK 5.0 Update 17
    cpe:2.3:a:sun:jdk:1.5.0:update17
  • Sun JDK 5.0 Update 18
    cpe:2.3:a:sun:jdk:1.5.0:update18
  • Sun JDK 5.0 Update 19
    cpe:2.3:a:sun:jdk:1.5.0:update19
  • Sun JDK 5.0 Update2
    cpe:2.3:a:sun:jdk:1.5.0:update2
  • Sun JDK 5.0 Update 20
    cpe:2.3:a:sun:jdk:1.5.0:update20
  • Sun JDK 5.0 Update 21
    cpe:2.3:a:sun:jdk:1.5.0:update21
  • Sun JDK 5.0 Update 22
    cpe:2.3:a:sun:jdk:1.5.0:update22
  • Sun JDK 5.0 Update 23
    cpe:2.3:a:sun:jdk:1.5.0:update23
  • Sun JDK 5.0 Update 24
    cpe:2.3:a:sun:jdk:1.5.0:update24
  • Sun JDK 5.0 Update 25
    cpe:2.3:a:sun:jdk:1.5.0:update25
  • Sun JDK 5.0 Update 26
    cpe:2.3:a:sun:jdk:1.5.0:update26
  • Sun JDK 5.0 Update 27
    cpe:2.3:a:sun:jdk:1.5.0:update27
  • Sun JDK 5.0 Update3
    cpe:2.3:a:sun:jdk:1.5.0:update3
  • Sun JDK 5.0 Update4
    cpe:2.3:a:sun:jdk:1.5.0:update4
  • Sun JDK 5.0 Update5
    cpe:2.3:a:sun:jdk:1.5.0:update5
  • Sun JDK 1.5.0_6
    cpe:2.3:a:sun:jdk:1.5.0:update6
  • Sun JDK 5.0 Update7
    cpe:2.3:a:sun:jdk:1.5.0:update7
  • Sun JDK 5.0 Update8
    cpe:2.3:a:sun:jdk:1.5.0:update8
  • Sun JDK 5.0 Update9
    cpe:2.3:a:sun:jdk:1.5.0:update9
  • SDK 1.4.2
    cpe:2.3:a:sun:sdk:1.4.2
  • Sun SDK 1.4.2_1
    cpe:2.3:a:sun:sdk:1.4.2_1
  • SDK 1.4.2_02
    cpe:2.3:a:sun:sdk:1.4.2_02
  • Sun SDK 1.4.2_3
    cpe:2.3:a:sun:sdk:1.4.2_3
  • Sun SDK 1.4.2_4
    cpe:2.3:a:sun:sdk:1.4.2_4
  • Sun SDK 1.4.2_5
    cpe:2.3:a:sun:sdk:1.4.2_5
  • Sun SDK 1.4.2_6
    cpe:2.3:a:sun:sdk:1.4.2_6
  • Sun SDK 1.4.2_7
    cpe:2.3:a:sun:sdk:1.4.2_7
  • Sun SDK 1.4.2_8
    cpe:2.3:a:sun:sdk:1.4.2_8
  • Sun SDK 1.4.2_9
    cpe:2.3:a:sun:sdk:1.4.2_9
  • Sun SDK 1.4.2_10
    cpe:2.3:a:sun:sdk:1.4.2_10
  • Sun SDK 1.4.2_11
    cpe:2.3:a:sun:sdk:1.4.2_11
  • Sun SDK 1.4.2_12
    cpe:2.3:a:sun:sdk:1.4.2_12
  • Sun SDK 1.4.2_13
    cpe:2.3:a:sun:sdk:1.4.2_13
  • Sun SDK 1.4.2_14
    cpe:2.3:a:sun:sdk:1.4.2_14
  • Sun SDK 1.4.2_15
    cpe:2.3:a:sun:sdk:1.4.2_15
  • Sun SDK 1.4.2_16
    cpe:2.3:a:sun:sdk:1.4.2_16
  • Sun SDK1.4.2_17
    cpe:2.3:a:sun:sdk:1.4.2_17
  • Sun SDK1.4.2_18
    cpe:2.3:a:sun:sdk:1.4.2_18
  • Sun SDK 1.4.2_19
    cpe:2.3:a:sun:sdk:1.4.2_19
  • Sun SDK 1.4.2_20
    cpe:2.3:a:sun:sdk:1.4.2_20
  • Sun SDK 1.4.2_21
    cpe:2.3:a:sun:sdk:1.4.2_21
  • SDK 1.4.2_22
    cpe:2.3:a:sun:sdk:1.4.2_22
  • Sun SDK 1.4.2_23
    cpe:2.3:a:sun:sdk:1.4.2_23
  • Sun SDK 1.4.2_24
    cpe:2.3:a:sun:sdk:1.4.2_24
  • Sun SDK 1.4.2_25
    cpe:2.3:a:sun:sdk:1.4.2_25
  • Sun SDK 1.4.2_26
    cpe:2.3:a:sun:sdk:1.4.2_26
  • Sun SDK 1.4.2_27
    cpe:2.3:a:sun:sdk:1.4.2_27
  • cpe:2.3:a:sun:sdk:1.4.2_28
    cpe:2.3:a:sun:sdk:1.4.2_28
  • cpe:2.3:a:sun:sdk:1.4.2_29
    cpe:2.3:a:sun:sdk:1.4.2_29
  • Sun JRE 1.5.0
    cpe:2.3:a:sun:jre:1.5.0
  • Sun JRE 1.5.0_1 (JRE 5.0 Update 1)
    cpe:2.3:a:sun:jre:1.5.0:update1
  • Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
    cpe:2.3:a:sun:jre:1.5.0:update10
  • Sun JRE 1.5.0_11 (JRE 5.0 Update 11)
    cpe:2.3:a:sun:jre:1.5.0:update11
  • Sun JRE 1.5.0_12 (JRE 5.0 Update 12)
    cpe:2.3:a:sun:jre:1.5.0:update12
  • Sun JRE 1.5.0_13 (JRE 5.0 Update 13)
    cpe:2.3:a:sun:jre:1.5.0:update13
  • Sun JRE 1.5.0_14 (JRE 5.0 Update 14)
    cpe:2.3:a:sun:jre:1.5.0:update14
  • Sun JRE 1.5.0_15 (JRE 5.0 Update 15)
    cpe:2.3:a:sun:jre:1.5.0:update15
  • Sun JRE 1.5.0_16 (JRE 5.0 Update 16)
    cpe:2.3:a:sun:jre:1.5.0:update16
  • Sun JRE 1.5.0_17 (JRE 5.0 Update 17)
    cpe:2.3:a:sun:jre:1.5.0:update17
  • Sun JRE 1.5.0_18 (JRE 5.0 Update 18)
    cpe:2.3:a:sun:jre:1.5.0:update18
  • Sun JRE 1.5.0_19 (JRE 5.0 Update 19)
    cpe:2.3:a:sun:jre:1.5.0:update19
  • Sun JRE 1.5.0_2 (JRE 5.0 Update 2)
    cpe:2.3:a:sun:jre:1.5.0:update2
  • Sun JRE 1.5.0_20 (JRE 5.0 Update 20)
    cpe:2.3:a:sun:jre:1.5.0:update20
  • Sun JRE 1.5.0_21 (JRE 5.0 Update 21)
    cpe:2.3:a:sun:jre:1.5.0:update21
  • Sun JRE 1.5.0_22 (JRE 5.0 Update 22)
    cpe:2.3:a:sun:jre:1.5.0:update22
  • Sun JRE 1.5.0_23 (JRE 5.0 Update 23)
    cpe:2.3:a:sun:jre:1.5.0:update23
  • Sun JRE 1.5.0_24 (JRE 5.0 Update 24)
    cpe:2.3:a:sun:jre:1.5.0:update24
  • Sun JRE 1.5.0_25 (JRE 5.0 Update 25)
    cpe:2.3:a:sun:jre:1.5.0:update25
  • Sun JRE 1.5.0_26 (JRE 5.0 Update 26)
    cpe:2.3:a:sun:jre:1.5.0:update26
  • Sun JRE 1.5.0_27 (JRE 5.0 Update 27)
    cpe:2.3:a:sun:jre:1.5.0:update27
  • Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
    cpe:2.3:a:sun:jre:1.5.0:update3
  • Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
    cpe:2.3:a:sun:jre:1.5.0:update4
  • Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
    cpe:2.3:a:sun:jre:1.5.0:update5
  • Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
    cpe:2.3:a:sun:jre:1.5.0:update6
  • Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
    cpe:2.3:a:sun:jre:1.5.0:update7
  • Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
    cpe:2.3:a:sun:jre:1.5.0:update8
  • Sun JRE 1.5.0_9 (JRE 5.0 Update 9)
    cpe:2.3:a:sun:jre:1.5.0:update9
  • Sun JRE 1.4.2
    cpe:2.3:a:sun:jre:1.4.2
  • Sun JRE 1.4.2_1
    cpe:2.3:a:sun:jre:1.4.2_1
  • Sun JRE 1.4.2_2
    cpe:2.3:a:sun:jre:1.4.2_2
  • Sun JRE 1.4.2_3
    cpe:2.3:a:sun:jre:1.4.2_3
  • Sun JRE 1.4.2_4
    cpe:2.3:a:sun:jre:1.4.2_4
  • Sun JRE 1.4.2_5
    cpe:2.3:a:sun:jre:1.4.2_5
  • Sun JRE 1.4.2_6
    cpe:2.3:a:sun:jre:1.4.2_6
  • Sun JRE 1.4.2_7
    cpe:2.3:a:sun:jre:1.4.2_7
  • Sun JRE 1.4.2_8
    cpe:2.3:a:sun:jre:1.4.2_8
  • Sun JRE 1.4.2_9
    cpe:2.3:a:sun:jre:1.4.2_9
  • Sun JRE 1.4.2_10
    cpe:2.3:a:sun:jre:1.4.2_10
  • Sun JRE 1.4.2_11
    cpe:2.3:a:sun:jre:1.4.2_11
  • Sun JRE 1.4.2_12
    cpe:2.3:a:sun:jre:1.4.2_12
  • Sun JRE 1.4.2_13
    cpe:2.3:a:sun:jre:1.4.2_13
  • Sun JRE 1.4.2_14
    cpe:2.3:a:sun:jre:1.4.2_14
  • Sun JRE 1.4.2_15
    cpe:2.3:a:sun:jre:1.4.2_15
  • Sun JRE 1.4.2_16
    cpe:2.3:a:sun:jre:1.4.2_16
  • Sun JRE 1.4.2_17
    cpe:2.3:a:sun:jre:1.4.2_17
  • Sun JRE 1.4.2_18
    cpe:2.3:a:sun:jre:1.4.2_18
  • Sun JRE 1.4.2_19
    cpe:2.3:a:sun:jre:1.4.2_19
  • Sun JRE 1.4.2_20
    cpe:2.3:a:sun:jre:1.4.2_20
  • Sun JRE 1.4.2_21
    cpe:2.3:a:sun:jre:1.4.2_21
  • Sun JRE 1.4.2_22
    cpe:2.3:a:sun:jre:1.4.2_22
  • Sun JRE 1.4.2_23
    cpe:2.3:a:sun:jre:1.4.2_23
  • Sun JRE 1.4.2_24
    cpe:2.3:a:sun:jre:1.4.2_24
  • Sun JRE 1.4.2_25
    cpe:2.3:a:sun:jre:1.4.2_25
  • Sun JRE 1.4.2_26
    cpe:2.3:a:sun:jre:1.4.2_26
  • Sun JRE 1.4.2_27
    cpe:2.3:a:sun:jre:1.4.2_27
  • Sun JRE 1.4.2_28
    cpe:2.3:a:sun:jre:1.4.2_28
  • Sun JRE 1.4.2_29
    cpe:2.3:a:sun:jre:1.4.2_29
CVSS
Base: 5.0 (as of 18-02-2011 - 13:59)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Oracle Java Floating-Point Value Denial of Service Vulnerability. CVE-2010-4476. Dos exploits for multiple platform
id EDB-ID:35304
last seen 2016-02-04
modified 2011-02-01
published 2011-02-01
reporter Konstantin Preisser
source https://www.exploit-db.com/download/35304/
title Oracle Java Floating-Point Value Denial of Service Vulnerability
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110210_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL
    description A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60953
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60953
    title Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0336.NASL
    description From Red Hat Security Advisory 2011:0336 : Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) Users of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 68225
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68225
    title Oracle Linux 5 : tomcat5 (ELSA-2011-0336)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_6_0-IBM-7369.NASL
    description IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52752
    published 2011-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52752
    title SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_4_2-IBM-110223.NASL
    description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. (CVE-2010-1321) - Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. (CVE-2010-3574) - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52631
    published 2011-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52631
    title SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4024)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0335.NASL
    description From Red Hat Security Advisory 2011:0335 : Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected. (BZ#676922) Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 68224
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68224
    title Oracle Linux 6 : tomcat6 (ELSA-2011-0335)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-7350.NASL
    description IBM Java 5 was updated to SR 12 FixPack 3, fixing bugs and security issues. Reportedly fixed were CVE-2010-3553 / CVE-2010-3557 / CVE-2010-3571 / CVE-2010-4476. For more information please check: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52737
    published 2011-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52737
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7350)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0292.NASL
    description Updated java-1.4.2-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially crafted HTTP request. (CVE-2010-4476) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 52065
    published 2011-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52065
    title RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0292)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-1263.NASL
    description - Security updates - S4421494, CVE-2010-4476: infinite loop while parsing double literal. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51961
    published 2011-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51961
    title Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14 (2011-1263)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-7348.NASL
    description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. (CVE-2010-1321) - Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. (CVE-2010-3574) - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52632
    published 2011-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52632
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7348)
  • NASL family Databases
    NASL id DB2_97FP5.NASL
    description According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 5. It is, therefore, affected by multiple denial of service vulnerabilities : - On Unix and Unix-like systems with both the Self Tuning Memory Manager (STMM) feature enabled and the 'DATABASE_MEMORY' option set to 'AUTOMATIC', local users are able to carry out denial of service attacks via unknown vectors. (IC70473 / CVE-2011-1373) - A denial of service vulnerability exists in the version of Java that is bundled with the IBM Software Development Kit for Java. (PM32387 / CVE-2010-4476)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 56928
    published 2011-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56928
    title IBM DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-7440.NASL
    description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. (CVE-2010-1321) - Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. (CVE-2010-3574) - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 57203
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57203
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7440)
  • NASL family Databases
    NASL id DB2_9FP11.NASL
    description According to its version, the installation of IBM DB2 9.1 running on the remote host is prior to Fix Pack 11. It is, therefore, affected by multiple denial of service vulnerabilities : - The version of Java that is bundled with the application can enter an infinite loop when handling certain operations related to floating point numbers. (CVE-2010-4476) - The Distributed Relational Database Architecture (DRDA) contains an error that can allow denial of service conditions when handling certain maliciously crafted requests. (CVE-2012-0710)
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 59644
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59644
    title IBM DB2 9.1 < Fix Pack 11 Multiple DoS
  • NASL family Windows
    NASL id HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL
    description The version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the following components : - TLS and SSL protocols - Apache Tomcat - Java - Flash Player - BlazeDS/GraniteDS - Adobe LiveCycle - Adobe Flex SDK - Systems Insight Manager
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 59684
    published 2012-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59684
    title HP Systems Insight Manager < 7.0 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12683.NASL
    description IBM Java 5 was updated to SR 12 FixPack 3, fixing bugs and security issues. Reportedly fixed were CVE-2010-3553, CVE-2010-3557, CVE-2010-3571 and CVE-2010-4476. For more information please check: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52702
    published 2011-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52702
    title SuSE9 Security Update : IBM Java (YOU Patch Number 12683)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_4_2-IBM-110504.NASL
    description IBM Java 1.4.2 was updated to SR13 FP9, fixing bugs and security issues. More information can be found on the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 53891
    published 2011-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53891
    title SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4481)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12682.NASL
    description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. (CVE-2010-1321) - Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. (CVE-2010-3574) - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 52629
    published 2011-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52629
    title SuSE9 Security Update : IBMJava JRE and SDK (YOU Patch Number 12682)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0335.NASL
    description Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected. (BZ#676922) Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52606
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52606
    title RHEL 6 : tomcat6 (RHSA-2011:0335)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 76303
    published 2014-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76303
    title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0336.NASL
    description Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) Users of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53427
    published 2011-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53427
    title CentOS 5 : tomcat5 (CESA-2011:0336)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0880.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java release. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 63983
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63983
    title RHEL 5 : IBM Java Runtime (RHSA-2011:0880)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12706.NASL
    description IBM Java 1.4.2 was updated to SR13 FP9, fixing bugs and security issues. More information can be found on the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 53883
    published 2011-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53883
    title SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12706)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0336.NASL
    description Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) Users of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52607
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52607
    title RHEL 5 : tomcat5 (RHSA-2011:0336)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110309_TOMCAT5_ON_SL5_X.NASL
    description A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60984
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60984
    title Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110309_TOMCAT6_ON_SL6_X.NASL
    description A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : - A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected. (BZ#676922) Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60985
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60985
    title Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201111-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56724
    published 2011-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56724
    title GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-054.NASL
    description Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk : The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader (CVE-2010-4351). Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves DNS cache poisoning by untrusted applets. (CVE-2010-4448) Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable (CVE-2010-4450). Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465) Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and backward jsrs. (CVE-2010-4469) Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to Features set on SchemaFactory not inherited by Validator. (CVE-2010-4470) Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text (CVE-2010-4471). Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the XML DSig Transform or C14N algorithm implementations. (CVE-2010-4472) The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308 (CVE-2010-4476). IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are partially signed or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source (CVE-2011-0025). The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of an inappropriate security descriptor. (CVE-2011-0706) Additionally the java-1.5.0-gcj packages were not rebuilt with the shipped version on GCC for 2009.0 and Enterprise Server 5 which caused problems while building the java-1.6.0-openjdk updates, therefore rebuilt java-1.5.0-gcj packages are being provided with this advisory as well. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 53001
    published 2011-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53001
    title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1079-2.NASL
    description USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures. In order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448) It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450) It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465) It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469) It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470) It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471) It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472) Konstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476) It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 65099
    published 2013-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65099
    title Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-SUN-110217.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53736
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53736
    title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1079-1.NASL
    description It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448) It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450) It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465) It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469) It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470) It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471) It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472) Konstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476) It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 52498
    published 2011-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52498
    title Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0013.NASL
    description a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 56665
    published 2011-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56665
    title VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_FEB_2011.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issue in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52002
    published 2011-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52002
    title Oracle Java SE Multiple Vulnerabilities (February 2011 CPU)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_6_UPDATE4.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 4. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 52588
    published 2011-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52588
    title Mac OS X : Java for Mac OS X 10.6 Update 4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All running instances of Sun Java must be restarted for the update to take effect. NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign this package without breaking it.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60964
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60964
    title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_JAVA-1_6_0-SUN-110217.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75541
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75541
    title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-SUN-110217.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. The following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
    last seen 2019-02-21
    modified 2013-11-18
    plugin id 52067
    published 2011-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52067
    title SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0214.NASL
    description Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53419
    published 2011-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53419
    title CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0290.NASL
    description Updated java-1.6.0-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially crafted HTTP request. (CVE-2010-4476) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9 Java release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 52063
    published 2011-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52063
    title RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0290)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1079-3.NASL
    description USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448) It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450) It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465) It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469) It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470) It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471) It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472) Konstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476) It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 65100
    published 2013-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65100
    title Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_FEB_2011_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issues in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64844
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64844
    title Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89681
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89681
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-110307.NASL
    description IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
    last seen 2019-02-21
    modified 2013-11-18
    plugin id 52751
    published 2011-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52751
    title SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-1231.NASL
    description - Security update : - S4421494, CVE-2010-4476: infinite loop while parsing double literal. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51960
    published 2011-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51960
    title Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13 (2011-1231)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0214.NASL
    description Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 51952
    published 2011-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51952
    title RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0214)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2161.NASL
    description It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51977
    published 2011-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51977
    title Debian DSA-2161-1 : openjdk-6 - denial of service
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0282.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page, listed in the References section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52021
    published 2011-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52021
    title RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0291.NASL
    description Updated java-1.5.0-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially crafted HTTP request. (CVE-2010-4476) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP3 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 52064
    published 2011-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52064
    title RHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:0291)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_6_0-SUN-7342.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
    last seen 2019-02-21
    modified 2013-11-18
    plugin id 52068
    published 2011-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52068
    title SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_5_UPDATE9.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 9. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 52587
    published 2011-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52587
    title Mac OS X : Java for Mac OS X 10.5 Update 9
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0214.NASL
    description From Red Hat Security Advisory 2011:0214 : Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 68197
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68197
    title Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0214)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_6_0-IBM-7443.NASL
    description IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling. - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 57209
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57209
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7443)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_JAVA-1_6_0-SUN-110314.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75872
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75872
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147)
oval via4
  • accepted 2015-04-20T04:00:31.661-04:00
    class vulnerability
    contributors
    • name Yamini Mohan R
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
    family unix
    id oval:org.mitre.oval:def:12662
    status accepted
    submitted 2011-07-28T11:57:52.000-05:00
    title HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
    version 46
  • accepted 2015-04-20T04:00:32.276-04:00
    class vulnerability
    contributors
    • name Yamini Mohan R
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
    family unix
    id oval:org.mitre.oval:def:12745
    status accepted
    submitted 2011-07-28T14:46:10.000-05:00
    title HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
    version 46
  • accepted 2015-03-23T04:00:38.756-04:00
    class vulnerability
    contributors
    • name Scott Quint
      organization DTCC
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Java SE Development Kit 6 is installed
      oval oval:org.mitre.oval:def:15831
    • comment Java SE Runtime Environment 6 is installed
      oval oval:org.mitre.oval:def:16362
    • comment Java SE Runtime Environment 5 is installed
      oval oval:org.mitre.oval:def:15748
    • comment Java SE Development Kit 5 is installed
      oval oval:org.mitre.oval:def:16292
    description The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
    family windows
    id oval:org.mitre.oval:def:14328
    status accepted
    submitted 2011-11-25T18:04:28.000-05:00
    title Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
    version 11
  • accepted 2015-04-20T04:00:39.920-04:00
    class vulnerability
    contributors
    • name Yamini Mohan R
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
    family unix
    id oval:org.mitre.oval:def:14589
    status accepted
    submitted 2012-01-30T11:36:29.000-05:00
    title HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
    version 44
  • accepted 2015-04-20T04:01:23.233-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
    family unix
    id oval:org.mitre.oval:def:19493
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
    version 44
redhat via4
advisories
  • bugzilla
    id 674336
    title CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.36.b17.el6_0
            oval oval:com.redhat.rhsa:tst:20110214005
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865006
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.36.b17.el6_0
            oval oval:com.redhat.rhsa:tst:20110214011
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865010
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.36.b17.el6_0
            oval oval:com.redhat.rhsa:tst:20110214009
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865008
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.36.b17.el6_0
            oval oval:com.redhat.rhsa:tst:20110214013
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865014
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.36.b17.el6_0
            oval oval:com.redhat.rhsa:tst:20110214007
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865012
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.18.b17.el5
            oval oval:com.redhat.rhsa:tst:20110214016
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377003
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.18.b17.el5
            oval oval:com.redhat.rhsa:tst:20110214024
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377011
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.18.b17.el5
            oval oval:com.redhat.rhsa:tst:20110214020
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377005
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.18.b17.el5
            oval oval:com.redhat.rhsa:tst:20110214018
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377007
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.18.b17.el5
            oval oval:com.redhat.rhsa:tst:20110214022
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377009
    rhsa
    id RHSA-2011:0214
    released 2011-02-10
    severity Moderate
    title RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
  • bugzilla
    id 674336
    title CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment tomcat5 is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336002
        • comment tomcat5 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327003
      • AND
        • comment tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336020
        • comment tomcat5-admin-webapps is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327015
      • AND
        • comment tomcat5-common-lib is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336008
        • comment tomcat5-common-lib is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327017
      • AND
        • comment tomcat5-jasper is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336022
        • comment tomcat5-jasper is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327009
      • AND
        • comment tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336004
        • comment tomcat5-jasper-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327021
      • AND
        • comment tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336012
        • comment tomcat5-jsp-2.0-api is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327013
      • AND
        • comment tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336010
        • comment tomcat5-jsp-2.0-api-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327023
      • AND
        • comment tomcat5-server-lib is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336014
        • comment tomcat5-server-lib is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327007
      • AND
        • comment tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336016
        • comment tomcat5-servlet-2.4-api is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327005
      • AND
        • comment tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336018
        • comment tomcat5-servlet-2.4-api-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327011
      • AND
        • comment tomcat5-webapps is earlier than 0:5.5.23-0jpp.17.el5_6
          oval oval:com.redhat.rhsa:tst:20110336006
        • comment tomcat5-webapps is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327019
    rhsa
    id RHSA-2011:0336
    released 2011-03-09
    severity Important
    title RHSA-2011:0336: tomcat5 security update (Important)
  • rhsa
    id RHSA-2011:0210
  • rhsa
    id RHSA-2011:0211
  • rhsa
    id RHSA-2011:0212
  • rhsa
    id RHSA-2011:0213
  • rhsa
    id RHSA-2011:0282
  • rhsa
    id RHSA-2011:0333
  • rhsa
    id RHSA-2011:0334
  • rhsa
    id RHSA-2011:0880
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.36.b17.el6_0
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.36.b17.el6_0
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.36.b17.el6_0
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.36.b17.el6_0
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.36.b17.el6_0
  • java-1.6.0-openjdk-1:1.6.0.0-1.18.b17.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.18.b17.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.18.b17.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.18.b17.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.18.b17.el5
  • tomcat6-0:6.0.24-24.el6_0
  • tomcat6-admin-webapps-0:6.0.24-24.el6_0
  • tomcat6-docs-webapp-0:6.0.24-24.el6_0
  • tomcat6-el-2.1-api-0:6.0.24-24.el6_0
  • tomcat6-javadoc-0:6.0.24-24.el6_0
  • tomcat6-jsp-2.1-api-0:6.0.24-24.el6_0
  • tomcat6-lib-0:6.0.24-24.el6_0
  • tomcat6-log4j-0:6.0.24-24.el6_0
  • tomcat6-servlet-2.5-api-0:6.0.24-24.el6_0
  • tomcat6-webapps-0:6.0.24-24.el6_0
  • tomcat5-0:5.5.23-0jpp.17.el5_6
  • tomcat5-admin-webapps-0:5.5.23-0jpp.17.el5_6
  • tomcat5-common-lib-0:5.5.23-0jpp.17.el5_6
  • tomcat5-jasper-0:5.5.23-0jpp.17.el5_6
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.17.el5_6
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.17.el5_6
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.17.el5_6
  • tomcat5-server-lib-0:5.5.23-0jpp.17.el5_6
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.17.el5_6
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.17.el5_6
  • tomcat5-webapps-0:5.5.23-0jpp.17.el5_6
refmap via4
aixapar
  • IZ94423
  • PM31983
confirm
debian DSA-2161
fedora
  • FEDORA-2011-1231
  • FEDORA-2011-1263
gentoo GLSA-201406-32
hp
  • HPSBMA02642
  • HPSBMU02690
  • HPSBMU02797
  • HPSBMU02799
  • HPSBNS02633
  • HPSBOV02634
  • HPSBOV02762
  • HPSBTU02684
  • HPSBUX02633
  • HPSBUX02641
  • HPSBUX02642
  • HPSBUX02645
  • HPSBUX02725
  • HPSBUX02777
  • HPSBUX02860
  • SSRT100387
  • SSRT100390
  • SSRT100412
  • SSRT100415
  • SSRT100569
  • SSRT100627
  • SSRT100825
  • SSRT100854
  • SSRT100867
  • SSRT101146
mandriva MDVSA-2011:054
misc
sectrack 1025062
secunia
  • 43048
  • 43280
  • 43295
  • 43304
  • 43333
  • 43378
  • 43400
  • 43659
  • 44954
  • 45022
  • 45555
  • 49198
suse
  • SUSE-SA:2011:024
  • SUSE-SU-2011:0823
vupen
  • ADV-2011-0365
  • ADV-2011-0377
  • ADV-2011-0379
  • ADV-2011-0422
  • ADV-2011-0434
  • ADV-2011-0605
Last major update 22-08-2016 - 22:02
Published 17-02-2011 - 14:00
Last modified 30-10-2018 - 12:26
Back to Top