Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale: CVE-2015-0138, CVE-2014-6593, CVE-2015-0410, CVE-2015-0383

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition. These vulnerabilities affect WebSphere eXtreme Scale version 7.1.0, 7.1.1, 8.5, and 8.6. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses t...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-3065, CVE-2014-3566, CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM MQ Light. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IB...

Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect WebSphere Dynamic Process Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)

Summary There are multiple vulnerabilities in IBM® SDK for Java™ Technology Edition that is used by WebSphere Dynamic Process Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues were disclosed as part of t...

Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)

Summary There are multiple vulnerabilities in IBM SDK for Java Technology Edition that is used by IBM Business Process Manager and WebSphere Lombardi Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues wer...

Security Bulletin: Security vulnerability in current IBM SDK for Java for WebSphere Application Server Community Edition 3.0.0.4 Jan 2014 CPU (CVE-2014-0411)

Summary Security vulnerability exists in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Community Edition 3.0.0.4. Vulnerability Details CVE ID: CVE-2014-0411 DESCRIPTION: The vulnerability can be exploited over the 'SSL/TLS' protocol. This issue affects the 'JSSE'...

openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2015:0774-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2015:0773-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-586) (Bar Mitzvah) (Logjam)

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733 A flaw wa...

AIX Java Advisory : java_july2015_advisory.asc (Logjam)

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities : - Java Security Components store plaintext data in memory dumps, which allows a local attacker to gain access to sensitive information. CVE-2015-1931 - A flaw exists in the readSerialData function i...

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy Exploit

This Metasploit module exploits an incomplete internal state distinction in Java Secure Socket Extension JSSE by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a plaintext SSL/TLS...

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'Java Secure Socket Extension JSSE SKIP-TLS MITM Proxy', 'Description' = %q This module exploits an incomplete...

SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1320-1) (Bar Mitzvah) (Logjam)

OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this...

RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:1526)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1526 advisory. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit...

java security update

CentOS Errata and Security Advisory CESA-2015:1526 Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring...

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Updated java-1.8.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

Security update for java-1_7_0-openjdk (important)

OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-570) (Bar Mitzvah) (Logjam)

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733 A flaw wa...

Important: java-1.8.0-openjdk

Issue Overview: Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-473...

OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)

A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP addres...