GHSA-X44X-R84W-8V67 Lack of URL normalization may lead to authorization bypass when URL access rules are used

Impact When access rules are used inside a protected host, some URL encodings may bypass filtering system. Patches Version 0.5.2 includes a patch that fixes the vulnerability Workarounds No way for users to fix or remediate the vulnerability without upgrading References...

Lack of URL normalization may lead to authorization bypass when URL access rules are used

Impact When access rules are used inside a protected host, some URL encodings may bypass filtering system. Patches Version 0.5.2 includes a patch that fixes the vulnerability Workarounds No way for users to fix or remediate the vulnerability without upgrading References...

SUSE-SU-2020:0456-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2020:0456-1)

This update for java-171-ibm fixes the following issues : Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed : CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. CVE-2020-2593: Fixed an incorrect check in...

SUSE-SU-2020:14287-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...

SUSE-SU-2020:14286-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues: Java was updated to 7.0 Service Refresh 10 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-0541)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0541 advisory. 1:1.7.0.251-2.6.21.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.251-2.6.21.0 - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz1785753 Tenable h...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

MGASA-2020-0069 Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0231)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0231 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...