CVE-2006-5201

Multiple packages on Sun Solaris, including 1 NSS; 2 Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.212, and SDK and JRE 1.3.x up to 1.3.119; 3 JSSE 1.0.303 and earlier; 4 IPSec/IKE; 5 Secure Global Desktop; and 6 StarOffice, when using an RSA key with exponent 3, removes...

CVE-2006-5201

CVE-2006-5201 affects Sun Solaris components (notably NSS, NSS-based libraries, Java JDK/JRE, JSSE, IPSec/IKE, and related Sun products). The root cause is when using an RSA key with exponent 3 that removes PKCS #1 padding prior to hash generation, enabling remote attackers to forge a PKCS #1 v1....

Design/Logic Flaw

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.116 and 1.4.x through 1.4.208 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."...

CVE-2006-0615

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.209 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."...

CVE-2006-0616

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."...

CVE-2006-0617

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."...

CVE-2006-0616

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."...

CVE-2006-0617

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."...

[SA18762] Java Web Start Sandbox Security Bypass Vulnerability

TITLE: Java Web Start Sandbox Security Bypass Vulnerability SECUNIA ADVISORY ID: SA18762 VERIFY ADVISORY: http://secunia.com/advisories/18762/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Java Web Start 1.x http://secunia.com/product/1005/ Sun Java JDK 1.5.x...

FreeBSD : jdk -- jar directory traversal vulnerability (18e5428f-ae7c-11d9-837d-000e0c2e438a)

Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system. The jar tool does not check properly if the files to be extracted have the string '../' on its names, so it's possible for an attacker to create a malicio...

[SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Sun Java JDK/SDK Jar Directory Traversal Vulnerability...

Sun Java: Web Start argument injection vulnerability

Background Sun provides implementations of Java Development Kits JDK and Java Runtime Environments JRE. These implementations provide the Java Web Start technology that can be used for easy client-side deployment of Java applications. Description Jouko Pynnonen discovered that Java Web Start...