- CVEs with nessus.description==USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.

  It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035)

  ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property.

  It was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563)

  It was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497)

  It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501)

  It was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502)

  It was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)

  It was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505)

  It was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506)

  It was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507).

  Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |