50 matches found
OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...
PT-2020-3528
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261, 8u251, 11.0.7, and 14.0.1; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the JSSE component of Oracle Java SE and Java SE Embedded. This can allow a remote attacker t...
Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2020-72706)
Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation. Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE Embedded is a Java platform that targets Java...
PT-2020-1415
Name of the Vulnerable Software and Affected Versions: Java SE versions 11.0.5 and 13.0.1. Description: The issue is related to a vulnerability in the Java Secure Socket Extension (JSSE) component of Oracle Java SE, which is difficult to exploit and allows an unauthenticated attacker with network acce...
Security Bulletin: Multiple vulnerabilities exist in the current IBM SDK for Java used in IBM System Networking Switch Center (CVE-2014-0411 & CVE-2014-0460)
Summary: IBM System Networking Switch Center ships with IBM Java 7 JRE. Two vulnerabilities are fixed in the April 2014 Critical Patch Update. (1) CVE-2014-0460: JNDI DNS service provider has several implementation flaws that make spoofing DNS responses much easier; (2) CVE-2014-0411: Vulnerability in...
Security Bulletin: Vulnerability in RC4 cipher stream (CVE-2015-2808) and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director.
Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 Bar Mitzvah attack on SSL/TLS. Vulnerability Detail...
OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
USN-3824-1: OpenJDK 7 vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3824-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibl...
USN-3804-1: OpenJDK vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov...
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)
Summary: There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details: CVEID: CVE-2015-0488. DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details: CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition...
Unspecified Vulnerability in Oracle Java SE JSSE Component
Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the JSSE subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious web page and tric...
OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE...
Oracle Java SE Multiple Vulnerabilities -01 Feb 13 (Windows)
This host is installed with Oracle Java SE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test. $Id: gboraclejavasemultvuln01feb13win.nasl 7699 2017-11-08 12:10:34Z santu $. Oracle Java SE Multiple Vulnerabilities -01 Feb 13 (Windows). Authors: Arun Kallavi. Copyright: Copyright (c) 2013...
HP-UX Update for Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software HPSBUX00280
Check for the Version of Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software. OpenVAS Vulnerability Test. HP-UX Update for Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software HPSBUX00280. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...