Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2010:0130
HistoryMar 03, 2010 - 12:00 a.m.

(RHSA-2010:0130) Moderate: java-1.5.0-ibm security update

2010-03-0300:00:00
access.redhat.com
29

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.922 High

EPSS

Percentile

98.7%

JSON

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client’s
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker’s request as if authenticated using the
victim’s credentials. (CVE-2009-3555)

This update disables renegotiation in the Java Secure Socket Extension
(JSSE) component. Unsafe renegotiation can be re-enabled using the
com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase
article for details: http://kbase.redhat.com/faq/docs/DOC-20491

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.5.0 SR11-FP1 Java release. All running
instances of IBM Java must be restarted for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5s390java-1.5.0-ibm< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.s390.rpm
RedHat5ppc64java-1.5.0-ibm-src< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.ppc64.rpm
RedHat5i386java-1.5.0-ibm-jdbc< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5.i386.rpm
RedHat5x86_64java-1.5.0-ibm-javacomm< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
RedHat5s390java-1.5.0-ibm-src< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.s390.rpm
RedHat5i386java-1.5.0-ibm-src< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.i386.rpm
RedHat5ppcjava-1.5.0-ibm-demo< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.ppc.rpm
RedHat5ppc64java-1.5.0-ibm-javacomm< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.ppc64.rpm
RedHat5s390xjava-1.5.0-ibm-accessibility< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5.s390x.rpm
RedHat5ppc64java-1.5.0-ibm-demo< 1.5.0.11.1-1jpp.3.el5java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.ppc64.rpm
Rows per page:
1-10 of 371

Related

nessus 49
suse 3
openvas 45
securityvulns 7
centos 1
oraclelinux 1
ubuntu 2
fedora 7
redhat 9
gentoo 1
ubuntucve 11
prion 11
cve 12
veracode 12
cert 1
saint 8
packetstorm 2
canvas 1
symantec 1
metasploit 1
seebug 3
checkpoint_advisories 2
zdi 3
exploitpack 1
altlinux 1
debian 2
hackerone 1
mozilla 1
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0130)
2010-03-04 00:00:00
SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077)
2010-10-11 00:00:00
SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623)
2010-07-07 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
man-in-the-middle attack in openssl
2009-11-18 09:50:39
openvas
openvas
CentOS Update for java CESA-2010:0339 centos5 i386
2011-08-09 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01
2010-04-06 00:00:00
Ubuntu Update for openjdk-6 vulnerabilities USN-923-1
2010-04-09 00:00:00
securityvulns
securityvulns
[USN-923-1] OpenJDK vulnerabilities
2010-04-07 00:00:00
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
2010-04-06 00:00:00
centos
centos
java security update
2010-06-12 15:56:24
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2010-04-08 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-04-07 00:00:00
Apache vulnerability
2010-09-21 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
2010-04-09 21:05:39
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11
2010-04-09 01:32:00
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
2010-04-09 01:28:22
redhat
redhat
(RHSA-2010:0339) Important: java-1.6.0-openjdk security update
2010-03-31 00:00:00
(RHSA-2010:0383) Critical: java-1.6.0-ibm security update
2010-04-29 00:00:00
(RHSA-2010:0471) Low: Red Hat Network Satellite Server IBM Java Runtime security update
2010-06-14 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
ubuntucve
ubuntucve
CVE-2010-0088
2010-04-01 00:00:00
CVE-2010-0084
2010-04-01 00:00:00
CVE-2010-0085
2010-04-01 00:00:00
prion
prion
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
cve
cve
CVE-2010-0088
2010-04-01 16:30:00
CVE-2010-0084
2010-04-01 16:30:00
CVE-2010-0091
2010-04-01 16:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:45:50
Privilege Escalation
2020-04-10 00:45:50
Privilege Escalation
2020-04-10 00:45:50
cert
cert
Oracle Sun Java fails to properly validate Java applet signatures
2010-04-02 00:00:00
saint
saint
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
packetstorm
packetstorm
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2010-09-09 00:00:00
Month Of Abysssec Undisclosed Bugs - Java CMM
2010-09-21 00:00:00
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE2
2010-04-01 16:30:00
symantec
symantec
Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
2010-03-30 00:00:00
metasploit
metasploit
Java RMIConnectionImpl Deserialization Privilege Escalation
2010-09-08 08:20:55
seebug
seebug
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2014-07-01 00:00:00
Java CMM readMabCurveData - Stack Overflow
2014-07-01 00:00:00
ProFTPD TLS会话重协商明文数据注入漏洞
2009-12-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Soundbank Resource Name Stack Buffer Overflow (CVE-2010-0839)
2010-05-26 00:00:00
Oracle Java Runtime CMM readMabCurveData Buffer Overflow (CVE-2010-0838)
2010-10-03 00:00:00
zdi
zdi
Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
2010-04-05 00:00:00
Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability
2010-04-05 00:00:00
Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability
2010-04-05 00:00:00
exploitpack
exploitpack
Java 6.19 CMM readMabCurveData - Remote Stack Overflow
2010-09-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
debian
debian
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
2011-01-05 23:20:31
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
hackerone
hackerone
LocalTapiola: Secure Client-Initiated Renegotiation
2017-12-27 15:57:52
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.922 High

EPSS

Percentile

98.7%

JSON
Related for RHSA-2010:0130
nessus49suse3openvas45securityvulns7centos1oraclelinux1ubuntu2fedora7redhat9gentoo1ubuntucve11prion11cve12veracode12cert1saint8packetstorm2canvas1symantec1metasploit1seebug3checkpoint_advisories2zdi3exploitpack1altlinux1debian2hackerone1mozilla1