546 matches found
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)
It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3497-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3497-1 advisory. It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3473-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3473-1 advisory. It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an...
OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)
It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
CVE-2017-10355
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2017-10295
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker...
Oracle Java SE, Java SE Embedded and JRockit Component Denial of Service Vulnerability (CNVD-2017-32180)
Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a powerful, reliable, and portable...
Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-0180)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP component of...
OpenJDK: newline injection in the FTP client (Networking, 8170222)
A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...