SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:2286-1)

IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues bsc992537. Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding...

java security update

CentOS Errata and Security Advisory CESA-2016:0054 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

OpenJDK: kerberos realm name leak (JGSS, 8048030)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS...

RHEL 7 : java-1.7.0-oracle (RHSA-2015:1927)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1927 advisory. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes severa...

SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0733-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0733-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:1485)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1485 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes...

SysAid Help Desk 'rdslogs' - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'zlib' class Metasploit3 "SysAid Help Desk 'rdslogs' Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerabilit...

SysAid Help Desk 'rdslogs' Arbitrary File Upload

This module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated file uploads and handles zip file contents in an insecure way. By combining both weaknesses, a remote attacker can accomplish...

SysAid Help Desk 'rdslogs' Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'zlib' class Metasploit3 "SysAid Help Desk 'rdslogs' Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerabilit...

RHEL 7 : java-1.7.0-oracle (RHSA-2015:1242)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1242 advisory. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes severa...

java security update

CentOS Errata and Security Advisory CESA-2015:1230 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...

Critical: Red Hat Security Advisory: java-1.7.0-oracle security update

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Update Java version bundled in the installer

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-37164. panel The version of Java bundled with Confluence is 1.7.015 which is a little bit dated February 2013. We should bundle...

Drop SSlv3 retry and copied CustomSSLProtocolSocketFactory.java from SAL

The fix for CONF-24035 introduced a retry with SSLv3 if a connection fails. However, like workaround implemented in SAL-203 there is no need to retry with SSLv3 - instead enabling TLSv1.1 or higher will address the issue. The issue is actually caused by java not following the TLS rfc. When TLSv1....

Drop SSlv3 retry and copied CustomSSLProtocolSocketFactory.java from SAL

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-36250. panel The fix for CONF-24035 introduced a retry with SSLv3 if a connection fails. However, like workaround implemented in...

java-1.7.0-openjdk security update

1:1.7.0.75-2.5.4.0.0.1.el511 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Oracle Linux' 1:1.7.0.75-2.5.4.0 - Bump to 2.5.4 using OpenJDK 7u75 b13. - Fix elliptic curve list as part of fsg.sh - Resolves: rhbz1180294...

CentOS 5 : java-1.7.0-openjdk (CESA-2015:0068) (POODLE)

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

Disable SSLv3 in outgoing HTTPS connections from Confluence

SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in January 1999 and java 6 supports and uses it as the default client version in TLS handshake. SSLv3 is old and limits the ciphers that can be used. SSLv3 is also vulnerable to POODLE. We...

Disable SSLv3 in outgoing HTTPS connections from Confluence

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-36165. panel SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in...