RHEL 6 : JBoss Enterprise Application Platform 5.1.1 update (Important) (RHSA-2011:0946)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0946 advisory. JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. JBoss Enterprise Application...

RHEL 4 / 5 : jboss-seam2 (RHSA-2010:0564)

Updated jboss-seam2 packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...

OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security...

OpenJDK: JSSE denial of service (JSSE, 7186286)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect availability, related to JSSE...

VulnCheck KEV: CVE-2012-5076

The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: JSSE denial of service (JSSE, 7186286)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect availability, related to JSSE...

java security update

CentOS Errata and Security Advisory CESA-2012:1384 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring Syste...

OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

java-1.6.0-openjdk security update

1:1.6.0.0-1.28.1.10.10.0.1.el58 - Add oracle-enterprise.patch 1:1.6.0.0-1.28.1.10.10 - Updated to IcedTea6 1.10.10 - Resolves rhbzs 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568...

java-1.7.0-openjdk security update

1.7.0.5-2.2.1.0.1.el63.3 - Modify DISTRONAME for Oracle 1.7.0.5-2.2.1.el6.3 - Removed patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch - Applied upstream patches for same issue: patch 1001 sec-webrevs-openjdk7-29aug2012-7162473.patch patch 1002...

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Immunity Canvas: JAVA_FORNAME_GETFIELD

Name| javaforNamegetField ---|--- CVE| CVE-2012-4681 Exploit Pack| CANVAS Description| Java forName/getField Method Invocation Sandbox Bypass Notes| CVE Name: CVE-2012-4681 VENDOR: Sun Notes: There is a method invocation vulnerability using sun.awt.SunToolkit.getField This vulnerability can then ...

Fedora 17 : java-1.7.0-openjdk-1.7.0.3-2.2.1.fc17.8 (2012-9590)

S7079902, CVE-2012-1711: Refine CORBA data models S7110720: Issue with vm config file loadingIssue with vm config file loading S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. S7143614, CVE-2012-1716: SynthLookAndFeel stability improveme...

java security update

CentOS Errata and Security Advisory CESA-2012:0730 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...

Immunity Canvas: JAVA_ATOMICREFERENCEARRAY

Name| javaAtomicReferenceArray ---|--- CVE| CVE-2012-0507 Exploit Pack| CANVAS Description| Java AtomicReferenceArray Type Confusion Sandbox Bypass Notes| CVE Name: CVE-2012-0507 VENDOR: Sun Notes: There is a Type Confusion vulnerability in java.util.concurrent.atomic.AtomicReferenceArray class...

OpenJDK: mutable repository identifiers (CORBA, 7110704)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.235 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via...

java-1.6.0-openjdk security update

1:1.6.0.0-1.43.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787144 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception...

Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 4.3 CP07 update

JBoss Enterprise Portal Platform 4.3 CP07, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

Application Security With Apache Shiro : Java security framework

Application Security With Apache Shiro : Java security framework Are you frustrated when you try to secure your applications? Do you feel existing Java security solutions are difficult to use and only confuse you further? Les Hazlewood is the Apache Shiro PMC Chair and co-founder and CTO of...

JBoss Seam 2 Remote Command Execution

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This modules also has been tested...