345 matches found
CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
CVE-2010-4351
The CVE-2010-4351 issue affects IcedTea JDK/OpenJDK (IcedTea.so) prior to versions 1.7.7, 1.8.4, and 1.9.4, where JNLP SecurityManager’s checkPermission could return instead of throwing an exception in certain circumstances. This can allow context-dependent attackers to bypass the intended securi...
Red Hat OpenJDK IcedTea6 ClassLoader Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java OpenJDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the IcedTea.so component. Wh...
PT-2011-1514 · Oracle +1 · Icedtea +1
Name of the Vulnerable Software and Affected Versions: IcedTea versions 1.7 through 1.7.6 IcedTea versions 1.8 through 1.8.3 IcedTea versions 1.9 through 1.9.3 Description: The issue allows context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. Th...
Java - RMIConnectionImpl Deserialization Privilege Escalation (Metasploit)
$Id: javarmiconnectionimpl.rb 10490 2010-09-27 00:09:17Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
$Id: javarmiconnectionimpl.rb 10257 2010-09-08 15:23:04Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Java RMIConnectionImpl Deserialization Privilege Escalation
This module exploits a vulnerability in the Java Runtime Environment that allows a MarshalledObject containing a custom classloader to be deserialized under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23. This module requires Metasploit:...
OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...
Deserialization of untrusted data
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...
CVE-2010-0094
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...
OpenJDK resurrected classloaders can still have children (6636650)
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
OpenJDK resurrected classloaders can still have children (6636650)
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)
Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in...
OpenJDK resurrected classloaders can still have children (6636650)
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
CVE-2009-3881
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
Information disclosure
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
CVE-2009-3881
CVE-2009-3881 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), and OpenJDK. The issue is that class loader hierarchy can allow children of a resurrected ClassLoader to exist, enabling a remote attacker to gain privileges via unspecified vectors (information leak vulner...
OpenJDK resurrected classloaders can still have children (6636650)
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
CVE-2009-3881
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
HP-UX Update for Java VM Classloader (J2SE) HPSBUX00295
Check for the Version of Java VM Classloader J2SE OpenVAS Vulnerability Test HP-UX Update for Java VM Classloader J2SE HPSBUX00295 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...