Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

Java AtomicReferenceArray Type Violation Vulnerability

This module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform maliciou...

Ubuntu: Security Advisory (USN-1373-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1373-2: OpenJDK 6 (ARM) vulnerabilities

USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM armel. This provides the corresponding OpenJDK 6 update for use with the ARM armel architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Original adviso...

Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6b18 vulnerabilities (USN-1373-2)

USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM armel. This provides the corresponding OpenJDK 6 update for use with the ARM armel architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. It was discover...

Debian DSA-2420-1 : openjdk-6 - several vulnerabilities

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. - CVE-2011-3377 The IcedTea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix...

java-1.6.0-openjdk security update

1.6.0.0-1.25.1.10.6.0.1.el58 - Add oracle-enterprise.patch 1:1.6.0.0-1.25.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787142 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687:...

DSA-2420-1 openjdk-6 - several

Bulletin has no description...

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6 vulnerabilities (USN-1373-1)

It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. CVE-2011-5035 ATTENTION: this update changes previous Java...

USN-1373-1: OpenJDK 6 vulnerabilities

It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. CVE-2011-5035 ATTENTION: this update changes previous Java...

CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE:...

Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721)

The update contains the following security fixes : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700,...

OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)

Unspecified vulnerability in the Virtual Desktop Infrastructure VDI component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in...

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:021)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : Fix issues in java sound CVE-2011-3563. Fix in AtomicReferenceArray CVE-2011-3571. Add property to limit number of request headers to the HTTP Server CVE-2011-5035. Incorect checking for graphics rendering object...

OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)

Unspecified vulnerability in the Virtual Desktop Infrastructure VDI component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in...

OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE:...

CentOS 6 : java-1.6.0-openjdk (CESA-2012:0135)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

java security update

CentOS Errata and Security Advisory CESA-2012:0135 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring Syste...

Critical: java-1.6.0-openjdk

Issue Overview: It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine JVM, or bypass Java sandbox restrictions...