Oracle Java Runtime Environment 'Reflection API'任意代码执行漏洞

Oracle Java Runtime Environment是一款为JAVA应用程序提供可靠的运行环境的解决方案。 Oracle Java SE 7包括最近发布的1.7.021-b11存在一个安全漏洞，允许远程攻击者利用漏洞绕过Java安全沙盒，并以WEB浏览器上下文执行任意代码。 要成功利用此漏洞需要用户有一定的交互，如在显示安全警告窗口时需要用户接受执行潜在恶意Java应用的风险。 根据研究者声称，此漏洞还影响Server JRE 7。 0 Oracle Java SE 7及之前版本 厂商解决方案 目前没有详细解决方案提供： http://www.oracle.com...

Java Runtime Environment Hotspot final field vulnerability

Added: 04/24/2013 CVE: CVE-2013-2423 BID: 59162 OSVDB: 92348 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Sandbox-Bypass Exploits Hacks Java 7u21 Update

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to...

CentOS 6 : java-1.7.0-openjdk (CESA-2013:0751)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CentOS Update for java CESA-2013:0752 centos5

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2013:0752 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

ICU: Layout Engine font processing errors (JDK 2D, 8001031)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous...

OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the...

ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

OpenJDK: remote code loading enabled by default (RMI, 8001040)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related...

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans...

JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own...

Critical: Red Hat Security Advisory: java-1.6.0-sun security update

Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give...

JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX...

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433...

ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...