CERTA-2011-AVI-079
Vulnerability from certfr_avis
A vulnerability affects several Java implementations; it allows a remote denial of service.
Description
A vulnerability in the handling of certain floating-point values affects several Java implementations. It allows a malicious user to cause a denial of service by means of a specific value.
Solution
Refer to the vendors' security bulletins to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Oracle | Java SE | Java SE, JDK 5.0 update 27 and earlier versions for Solaris 9 |
| IBM | N/A | Hitachi JP1/Cm2/SNMP System Observer |
| IBM | WebSphere | IBM WebSphere Application Server 6.0.x, 6.1.x and 7.0.x |
| Microsoft | Windows | Java for Business, JDK and JRE 5.0 update 27 and earlier versions for Windows, Solaris and Linux |
| Microsoft | Windows | Java for Business, JDK and JRE 6 update 23 and earlier versions for Windows, Solaris and Linux |
| N/A | N/A | Hitachi JP1/Performance Management (PFM) |
| IBM | N/A | IBM WebSphere Portal 6.x and 7.x |
| N/A | N/A | Hitachi JP1/Automatic Job Management System |
| IBM | Tivoli | Tivoli Directory Server 5.1.3.2, 6.1, 6.1.1, 6.1.1.1 and 6.1.1.2 |
| N/A | N/A | HP-UX 11.11, 11.23 and 11.31 |
| IBM | N/A | Hitachi JP1/Cm2/Network Node Manager |
| N/A | N/A | Hitachi JP1/ServerConductor/Control Manager |
| Oracle | Java SE | Java SE, JDK and JRE 6 update 23 and earlier versions for Windows, Solaris and Linux |
| Oracle | Java SE | Java SE, SDK 1.4.2_29 and earlier versions for Solaris 8 |
| N/A | N/A | Hitachi JP1/IT Ressource Management |
| Microsoft | Windows | Java for Business, SDK and JRE 1.4.2_29 and earlier versions for Windows, Solaris and Linux |
| N/A | N/A | Hitachi JP1/Integrated Management (IM) |
| IBM | N/A | IBM CICS Transaction Server 3.1, 3.2 and 4.1 |
References
        {
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE, JDK 5.0 mise \u00e0 jour 27 et versions ant\u00e9rieures pour Solaris 9 ;",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Hitachi JP1/Cm2/SNMP System Observer ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server 6.0.x, 6.1.x et 7.0.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Java for Business, JDK et JRE 5.0 mise \u00e0 jour 27 et versions ant\u00e9rieures pour Windows Solaris et Linux ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java for Business, JDK et JRE 6 mise \u00e0 jour 23 et versions ant\u00e9rieures pour Windows Solaris et Linux ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Hitachi JP1/Performance Management (PFM) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Portal 6.x et 7.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Hitachi JP1/Automatic Job Management System ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Tivoli Directory Server 5.1.3.2, 6.1, 6.1.1, 6.1.1.1 et 6.1.1.2 ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX 11.11, 11.23 et 11.31 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Hitachi JP1/Cm2/Network Node Manager ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Hitachi JP1/ServerConductor/Control Manager.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE, JDK et JRE 6 mise \u00e0 jour 23 et versions ant\u00e9rieures pour Windows, Solaris et Linux ;",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE, SDK 1.4.2_29 et versions ant\u00e9rieures pour Solaris 8 ;",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Hitachi JP1/IT Ressource Management ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Java for Business, SDK et JRE 1.4.2_29 et versions ant\u00e9rieures pour Windows Solaris et Linux ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Hitachi JP1/Integrated Management (IM) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IBM CICS Transaction Server 3.1, 3.2 et 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 concernant le traitement de certaines valeurs en\nvirgule flottante affecte plusieurs impl\u00e9mentations de Java. Elle permet\n\u00e0 un utilisateur malintentionn\u00e9 de provoquer un d\u00e9ni de service au moyen\nd\u0027une valeur sp\u00e9cifique.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    }
  ],
  "initial_release_date": "2011-02-10T00:00:00",
  "last_revision_date": "2011-05-17T00:00:00",
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400 du 19 f\u00e9vrier    2011 :",
      "url": "http://www.ibm.com/support/docview.wss?uid=nas2a5e8722f285b693586257837004234f7"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400 du 19 f\u00e9vrier    2011 :",
      "url": "http://www.ibm.com/support/docview.wss?uid=nas24394745ae41518b88625783700423513"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21174615 du 31 mars 2011:",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21474615"
    },
    {
      "title": "Bulletin de s\u00e9curti\u00e9 HP OpenView Network Node Manager :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02738573"
    },
    {
      "title": "Avis de mise \u00e0 jour Oracle concernant la r\u00e9f\u00e9rence CVE    CVE-2010-4476 du 08 f\u00e9vrier 2011 :",
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400 du 19 f\u00e9vrier    2011 :",
      "url": "http://www.ibm.com/support/docview.wss?uid=nas2bbd9eef75e33a6ec862578370042350b"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400 du 19 f\u00e9vrier    2011 :",
      "url": "http://www.ibm.com/support/docview.wss?uid=nas274b0e6114eba807a8625783700423519"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400 du 19 f\u00e9vrier    2011 :",
      "url": "http://www.ibm.com/support/docview.wss?uid=nas2e3651fd2836659b88625783700423505"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400 du 19 f\u00e9vrier    2011 :",
      "url": "http://www.ibm.com/support/docview.wss?uid=nas22c04013ef2a6aba98625783700423520"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400 du 19 f\u00e9vrier    2011 :",
      "url": "http://www.ibm.com/support/docview.wss?uid=nas239097234bdef0f0086257837004234ff"
    }
  ],
  "reference": "CERTA-2011-AVI-079",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-10T00:00:00.000000"
    },
    {
      "description": "ajout pour IBM Java, IBM WebSphere Application Server, et IBM Websphere Portal.",
      "revision_date": "2011-02-16T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 IBM i5/OS et IBM OS/400.",
      "revision_date": "2011-02-22T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 IBM CICS.",
      "revision_date": "2011-02-24T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP c02729756.",
      "revision_date": "2011-03-01T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin HP OpenView Network Node Manager.",
      "revision_date": "2011-03-11T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin IBM swg21474615 Tivoli Directory Server.",
      "revision_date": "2011-04-05T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Hitachi HS11-008.",
      "revision_date": "2011-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affecte plusieurs impl\u00e9mentations de Java, elle permet\nun d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans plusieurs impl\u00e9mentations de Java",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de mise \u00e0 jour Oracle concernant la r\u00e9f\u00e9rence CVE CVE-2010-4476",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 IBM Java IZ94331, IZ94423, et PM31983",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM31983"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM CICS 1462384",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21462384"
    },
    {
      "published_at": null,
      "title": "et PM32387",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21462136"
    },
    {
      "published_at": null,
      "title": "PM32175, PM32192, PM32173, PM32184, PM32194, PM32238, PM32254, PM32272,",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21474615 du 31 mars 2011",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02729756 du 23 f\u00e9vrier 2011",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02729756"
    },
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 IBM WebSphere Application Server Java PM32177,",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS11-008 du 16 mai 2011",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-008/index.html"
    }
  ]
}