926 matches found
java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in a...
OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
java-1.6.0-openjdk security update
1:1.6.0.0.0-1.7.b09.0.1.el5 - Add oracle-enterprise.patch 1:1.6.0-1.7.b09 - Fixed applying patches 1:1.6.0-1.6.b09 - Updated Release 1:1.6.0-1.5.b09 - Fixed Makefile patch 1:1.6.0-1.4.b09 - Updated release tag 1:1.6.0-1.3.b09 - Updated release...
SLES10: Security update for IBM Java 1.5.0
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: java-150-ibm java-150-ibm-alsa java-150-ibm-devel java-150-ibm-fonts java-150-ibm-jdbc java-150-ibm-plugin More details may also be found by searching for th...
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)
The Sun JDK 6 was updated to Update 13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier do...
Encrypted passwords in osuser.xml
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-17317. We need to set an encrypted password instead of a plain-text password in java.naming.security.credentials within osuser.xml...
OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)
Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without...
Security feature bypass
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object,...
CVE-2008-4679
CVE-2008-4679 affects IBM WebSphere Application Server: Web Services Security in WAS 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19. When Certificate Store Collections uses CRLs, the code path does not call setRevocationEnabled on PKIXBuilderParameters, preventing revocation checks for X.509 certi...
FreeBSD Ports: jdk
The remote host is missing an update to the system as announced in the referenced advisory. VID c93e4d41-75c5-11dc-b903-0016179b2dd5. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake...
CVE-2003-1521
CVE-2003-1521 affects Sun Java Plug-In 1.4–1.4.2_02. The issue enables remote attackers to repeatedly access the floppy drive via createXmlDocument in the org.apache.crimson.tree.XmlDocument class, violating the Java security model. The connected Red Hat and CVE records confirm the same descripti...
CVE-2003-1521
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model...
CVE-2003-1123
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model...
Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access
source: https://www.securityfocus.com/bid/8867/info A weakness has been reported in Java implementations that may constitute unauthorized access by Java applets to floppy devices. This weakness appears to present a flaw in the Java security model. This issue was reported in Java Plug-in 1.4.x...
Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access
Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access source: https://www.securityfocus.com/bid/8867/info A weakness has been reported in Java implementations that may constitute unauthorized access by Java applets to floppy devices. This weakness appears to present a flaw in the Java...
CVE-1999-1262
Technical details about CVE-1999-1262 are not publicly available in the provided connected documents. Monitor for updates.
Java HTTP proxy vulnerability
Java HTTP proxy vulnerability. Reference: wal-01. Version: 1.0. Date: March 05, 2002. Cross references: Sun Security Bulletin 00216, Microsoft Security Bulletin MS02-013. Vulnerability identifier: CAN-2002-0058 under review...