208 matches found
resteasy-base security and bug fix update
3.0.6-4 - Resolves: rhbz1378619 - disable SerializerProvider by default; 3.0.6-3 - Resolves: rhbz1357624 - fail to build with java 8; 3.0.6-2 - Resolves: rhbz1280539 - fix pom version...
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:2726-1)
IBM Java 8 was updated to version 8.0-3.10 to fix the following security issues: - CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking - CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrit...
Upgrade bundled Java to 8u101+
Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect JIRA...
java security update
CentOS Errata and Security Advisory CESA-2016:0513. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
RHEL 7 : java-1.8.0-oracle (RHSA-2016:0516)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0516 advisory. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming...
Critical: Red Hat Security Advisory: java-1.8.0-oracle security update
An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which give...
RHEL 7 : java-1.8.0-oracle (RHSA-2016:0055)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0055 advisory. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes severa...
OpenJDK: kerberos realm name leak (JGSS, 8048030)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS...
ZAP 2.4.2 - Penetration Testing Tool for Testing Web Applications
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
CVE-2015-1916
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider...
CVE-2015-1916
CVE-2015-1916 is an IBM Java SSL/TLS (JSSE) related denial-of-service vulnerability. IBM advisories (e.g., IBMs 734104A523B… and related security bulletins) indicate affected IBM Java SDK/JRE versions used in IBM SAN Volume Controller and Storwize family products. The vulnerability allows a remot...
Java exposed a remote code execution vulnerability - vulnerability warning - the black bar safety net
Following the local file inclusion (LFI) vulnerability exposed on the Java website at the beginning of the month, through which the mailboxes of more than 460 Oracle employees could be read, a series of further Java security vulnerabilities was exposed today; without authorization, an attacker may, on the victim's Jav...
Drop SSLv3 retry and copied CustomSSLProtocolSocketFactory.java from SAL
The fix for CONF-24035 introduced a retry with SSLv3 if a connection fails. However, like the workaround implemented in SAL-203, there is no need to retry with SSLv3 - instead, enabling TLSv1.1 or higher will address the issue. The issue is actually caused by Java not following the TLS RFC. When TLSv1....
Drop SSLv3 retry and copied CustomSSLProtocolSocketFactory.java from SAL
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-36250. The fix for CONF-24035 introduced a retry with SSLv3 if a connection fails. However, like the workaround implemented in...
Disable SSLv3 in outgoing HTTPS connections from Confluence
SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in January 1999, and Java 6 supports it and uses it as the default client version in the TLS handshake. SSLv3 is old and limits the ciphers that can be used. SSLv3 is also vulnerable to POODLE. We...
Disable SSLv3 in outgoing HTTPS connections from Confluence
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-36165. SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in...
Disable SSLv3 in outgoing HTTPS connections from Confluence
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-36165. SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in...