Lucene search

K
redhatRedHatRHSA-2008:0243
HistoryApr 28, 2008 - 12:00 a.m.

(RHSA-2008:0243) Moderate: java-1.4.2-bea security update

2008-04-2800:00:00
access.redhat.com
8

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.133 Low

EPSS

Percentile

95.0%

The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit
Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard
Edition, v1.4.2.

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Please note: This vulnerability can only be triggered in java-1.4.2-bea by
calling the “appletviewer” application.

All java-1.4.2-bea users should upgrade to this updated package which
addresses this vulnerability.

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.133 Low

EPSS

Percentile

95.0%

Related for RHSA-2008:0243