Authorization Bypass
OpenJDK is vulnerable to authorization bypass. An unspecified vulnerability allows remote attackers to affect integrity via vectors related to JAX-WS...
Information Disclosure
OpenJDK is vulnerable to information disclosure. An unspecified vulnerability allows remote attackers to affect confidentiality via vectors related to JAX-WS...
Improper Access Control
OpenJDK is vulnerable to improper access control. The vulnerability exists in the Java Runtime Environment (JRE) component in Oracle Java SE. A local user could affect confidentiality via a vector related to JAX-WS...
Security Bulletin: Potential MITM attack in Apache CXF used by WebSphere Application Server (CVE-2018-8039)
Summary There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server CVE-2018-8039 Vulnerability Details CVEID: CVE-2018-8039 DESCRIPTION: Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS hostname verification does not wor...
cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service DoS attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in October 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-10345...
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products
Summary Multiple vulnerabilities in the Oracle Java SE and Java SE Embedded components impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Serializati...
Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs)
Summary There are multiple vulnerabilities in IBM JRE Version 6.0, 7.0 and 8.0 that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM JRE updates in Oct 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: An unspecified...
Potential security vulnerability with IBM WebSphere Application Server
Abstract Security Bulletin: Asset and Service Management Products - Potential security exposure when using WS-Security, with either JAX-WS or JAX-RPC, resulting in a user gaining elevated privileges CVE-2011-1377. Content VULNERABILITY DETAILS: CVE ID: CVE-2011-1377 DESCRIPTION: Websphere...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Reporting for Development Intelligence
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by Rational Reporting for Development Intelligence RRDI. The issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: A...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in October 2017. IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:...
Security Bulletin: Security Vulnerability in Apache Axis affects IBM WebSphere Dashboard Framework (CVE-2014-3596)
Summary There is an insecure certificate validation CVE-2014-3596 in Apache Axis which is bundled with IBM WebSphere Dashboard Framework. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache Axis which can be used to make web service requests. A vulnerability in Ax...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: An...
Security Bulletin: Denial of Service in Apache CXF used by WebSphere Application Server (CVE-2017-12624)
Summary There is a potential denial of service in Apache CXF that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-12624 DESCRIPTION: Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could...
Security Bulletin: Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181)
Summary There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC. Vulnerability Details WebSphere Application Server could provide weaker than expected security when using web services...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)
This update for java-1_7_0-openjdk fixes the following issues : Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...
Security update for java-1_7_0-openjdk (important)
This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...
SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1)
This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...
EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1331)
According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these...
EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1330)
According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these...