OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
USN-3130-1 openjdk-7 vulnerabilities
It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not...
Ubuntu: Security Advisory (USN-3121-1)
The remote host is missing an update for the...
USN-3121-1: OpenJDK 8 vulnerabilities
It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms used for...
GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201607-09 (Commons-BeanUtils: Arbitrary code execution). Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact: Remote attackers could potentially execute arbitra...
Updated struts packages fix security vulnerabilities
Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found (CVE-2016-1181). It was reported that the Apache Struts 1 Validator contains a...
JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
The Apache Struts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...
Oracle: Security Advisory (ELSA-2014-0474)
The remote host is missing an update for the...
Mail.ru: Possible xWork classLoader RCE: shared.mail.ru
It looks like it is affected by https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2014-05-21. classLoader gets through, meaning there is no fix at the regex level; the version is in the vulnerable scope. I will of course try to actually execute code over the weekend, but judging by external signs it is there. All versions below...
Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)
The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker,...
MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...