140 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments for IBM PureApplication System
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the OS Images for IBM PureApplication System. Java 7 is used by IBM Base OS images. These issues were disclosed as part of the IBM Java SDK updates in April 2018. IBM OS Image for Red Hat Lin...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (CVE-2015-7575)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0, 7.0 that is used by IBM Tivoli Composite Application Manager for Transactions. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Content Collector for SAP Applications (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Content Collector for SAP Applications. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...
Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine (CVE-2015-7575)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by Rational Publishing Engine. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in IBM Java SDK affects Rational Service Tester (CVE-2015-0138)
Summary The “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 5, 6 and 7 that is used by Rational Service Tester related to the use of TLS/SSL. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Version 5, 6 and 7 that are used by Rational Service Tester. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java SDK updat...
Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Change (CVE-2013-0422)
Summary Potential security vulnerability issues may occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Rational Change product. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts...
Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Collaborative Lifecycle Management products (CVE-2013-0422)
Summary Potential security vulnerability issues may occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Collaborative Lifecycle Management (CLM) products Rational Quality Manager, Rational Team Concert and Rational Requirements Compose...
Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services (CVE-2016-0466, CVE-2015-7575)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 that is used by Financial Transaction Manager for ACH Services, Check Services, and Corporate Payment Services. These issues were disclosed as part of the IBM Java SDK updates in January 2016...
Security Bulletin: Multiple Security vulnerabilities have been identified in IBM Java SDK shipped with WebSphere Application Server Community Edition
Summary IBM Java SDK is shipped as a component of WebSphere Application Server Community Edition 3.0.0.4. Information about multiple security vulnerabilities affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Multiple...
Security Bulletin: Multiple Security vulnerabilities have been identified in IBM Java SDK shipped with WebSphere Application Server Community Edition
Summary IBM Java SDK is shipped as a component of WebSphere Application Server Community Edition 3.0.0.4. Information about multiple security vulnerabilities affecting IBM Java SDK has been published in a security bulletin. These issues were disclosed as part of the IBM Java SDK updates in April...
Security Bulletin: Multiple Security vulnerabilities have been identified in IBM Java SDK shipped with WebSphere Application Server Community Edition
Summary IBM Java SDK is shipped as a component of WebSphere Application Server Community Edition 3.0.0.4. Information about multiple security vulnerabilities affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Multiple...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Operational Decision Manager (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM Operational Decision Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Apktool - A Tool For Reverse Engineering Android APK Files
A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project-like file structure and automation of some repetitive tasks like...
Reverse Engineering Android apk Files: Apktool
ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes it possible to debug smali code step by step. It also makes working with an app easier because of the project-like fil...
AndroTickler - Penetration Testing and Auditing Toolkit for Android Apps
A Java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during the...
java security update
CentOS Errata and Security Advisory CESA-2017:3392 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS...
ArcGIS Server 10.3.1: RMIClassLoader RCE
Using an Esri-provided image on Azure's Marketplace, ArcGIS Server 10.3.1 started Java's rmid on port 1098 and explicitly set the property java.rmi.server.useCodebaseOnly equal to false. Screenshot: https://www.dropbox.com/s/xz9ugal3ixnfh1c/10.3.1rmiduseCodebaseOnly%3Dfalse.png?dl=0 As discussed ...
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution Exploit
ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability. Using an Esri-provided image on Azure's Marketplace, ArcGIS Server 10.3.1 started Java's rmid on port 1098 and explicitly set the property java.rmi.server.useCodebaseOnly equal t...
Apache logging component Log4j deserialization vulnerability affects all 2.x versions - bug warning - the black bar safety net
Open source software with many users naturally has vulnerabilities. The Apache logging component Log4j is very flexible to use and is used in quite a lot of open source projects. This exploit affects all Apache Log4j 2.x series versions: Apache Log4j 2.0-alpha1 – Apache Log4j 2.8.1. Users of Java 7+ shoul...