Attackers Beat Java Default Security Settings with Social Engineering

Oracle’s new security model for Java, in place since the release of Java 7 update 11, is under serious fire now that attackers have demonstrated in the wild how to bypass the updated controls with the help of social engineering. In 7U11, Oracle changed the default security setting in Java from...

Prompted by Oracle Rejection, Researcher Finds Five New Java Sandbox Vulnerabilities

Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn’t end well or the vendor in question—in this case Oracle. Polish security firm Security Explorations, noteworthy for its Java security research, said today it reported five new vulnerabiliti...

The Java Zero-Day Procession Continues

After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found yet another zero-day vulnerability in Oracle’s thoroughly troubled Java platform. With a little help from Hermes Bojaxhi and his team at Cyber Engineering Services, researchers from the security...

CentOS Update for java CESA-2013:0247 centos6

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2013:0247 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0245 advisory. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check...

RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0247)

Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

java security update

CentOS Errata and Security Advisory CESA-2013:0245 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring Syste...

OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: th...

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE...

OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: th...

java-1.7.0-openjdk security update

1.7.0.9-2.3.5.3.0.1.el63 - Update DISTRONAME in specfile 1.7.0.9-2.3.5.3.el63 - Sync logging fixes with upstream icedtea7-forest and jdk7u 1.7.0.9-2.3.5.1.el63 - Removed 6664509 backout and added 8005615 to fix the issue 1.7.0.9-2.3.5.el63.1 - Backed out 6664509 and 7201064.patch which cause...

OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous...

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...

OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

CVE-2013-1489

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...

Security feature bypass

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than...

CVE-2013-1490

Unspecified vulnerability in Oracle Java SE 7 Update 11 JRE 1.7.011-b21 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any...