1214 matches found

seebug.org
added 2012/01/05 12:0 a.m., 20 views

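Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities

Bugtraq ID: 51257 Apache Struts is an open-source framework for building Java web applications. Apache Struts contains security vulnerabilities that allow an attacker to execute arbitrary commands or overwrite arbitrary files. - Apache Struts has an input filtering error that can be exploited to inject and execute arbitrary Java code when a conversion error occurs. - When processing cookie names, the CookieInterceptor class does not properly restrict access to certain static methods, which can be exploited to execute arbitrary commands. - Certain unspecified input is not properly filtered by ParameterInterceptor before being used to create files, which can be exploited to create or overwrite arbitrary files via a directory traversal attack. 0 Apache Stru...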

AI score 6.9
Exploits 0
Tenable Nessus
added 2011/12/13 12:0 a.m., 52 views

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7698)

IBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various bugs and security issues. The following security issues have been fixed : - Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231...

CVSS 10, AI score 8.2, EPSS 0.13091
Exploits 0, References 20
seebug.org
added 2011/12/09 12:0 a.m., 15 views

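Apache Struts Session Tampering Security Bypass Vulnerability

Bugtraq ID: 50940 Apache Struts is an open-source framework for building Java web applications. Apache Struts contains a security vulnerability that allows malicious users to bypass certain security restrictions. The org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interfaces do not properly prevent access to the session map, which can be exploited to modify the session map by sending specially crafted requests to applications that use these interfaces in combination with automatic binding. Apache Software Foundation Struts 2.1.8 .1 Apache Software...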

AI score 6.9
Exploits 0
Tenable Nessus
added 2011/11/18 12:0 a.m., 31 views

Sun Java Web Console BeginLogin.jsp redirect_url Parameter URI Redirection

The version of Sun Java Web Console running on the remote host may have a URI redirection vulnerability. An attacker could exploit this by tricking a user into requesting a specially crafted URL, which would redirect the user to an arbitrary website. This could result in further attacks e.g...

CVSS 4.3, AI score 5.8, EPSS 0.00495
Exploits 0, References 2
OpenVAS
added 2011/11/11 12:0 a.m., 21 views

Fedora Update for icedtea-web FEDORA-2011-15673

Check for the Version of icedtea-web OpenVAS Vulnerability Test Fedora Update for icedtea-web FEDORA-2011-15673 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CVSS 4.3, AI score 9.6, EPSS 0.00971
Exploits 0, References 2
Tenable Nessus
added 2011/11/09 12:0 a.m., 33 views

RHEL 6 : icedtea-web (RHSA-2011:1441)

Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 4.3, AI score 5.4, EPSS 0.00971
Exploits 0, References 3
NVD
added 2011/10/19 9:55 p.m., 15 views

CVE-2011-3549

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and...

CVSS 10, AI score 5.5, EPSS 0.02791
Exploits 1, References 20
UbuntuCve
added 2011/10/19 9:55 p.m., 29 views

CVE-2011-3549

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and...

CVSS 10, AI score 7.2, EPSS 0.02791
Exploits 1, References 1
CVE
added 2011/10/19 9:0 p.m., 321 views

CVE-2011-3546

CVE-2011-3546 affects Oracle Java SE JDK/JRE 7, 6 Update 27 and earlier, and JavaFX 2.0. The vulnerability allows remote execution impacting confidentiality and integrity via unknown vectors related to Deployment, exploitable by untrusted Java Web Start applications and untrusted applets. The IBM...

CVSS 5.8, AI score 5.3, EPSS 0.01395
Exploits 1, References 14, Affected Software 1
RedHat Linux
added 2011/10/19 5:17 p.m., 2 views

OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS...

CVSS 3.5, AI score 7.4, EPSS 0.00261
Exploits 1, References 5
UbuntuCve
added 2011/10/19 12:0 a.m., 34 views

CVE-2011-3544

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

CVSS 10, AI score 7.3, EPSS 0.92545
Exploits 13, References 3
UbuntuCve
added 2011/10/19 12:0 a.m., 28 views

CVE-2011-3558

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot...

CVSS 5, AI score 7.2, EPSS 0.01699
Exploits 0, References 2
UbuntuCve
added 2011/10/19 12:0 a.m., 27 views

CVE-2011-3548

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and...

CVSS 10, AI score 7.2, EPSS 0.03096
Exploits 1, References 2
RedHat Linux
added 2011/10/18 11:19 p.m., 4 views

OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...

CVSS 6.4, AI score 7.4, EPSS 0.01709
Exploits 1, References 5
RedHat Linux
added 2011/09/06 9:15 p.m., 3 views

OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availabili...

CVSS 10, AI score 7.4, EPSS 0.10579
Exploits 0, References 4
OpenVAS
added 2011/08/09 12:0 a.m., 28 views

CentOS Update for java CESA-2011:0176 centos5 i386

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2011:0176 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

CVSS 6.8, EPSS 0.01511
Exploits 0, References 2
RedHat Linux
added 2011/07/27 2:49 p.m., 3 views

icedtea-web: Java Web Start security warning dialog manipulation

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

CVSS 6.8, AI score 5.8, EPSS 0.00878
Exploits 0, References 4
RedHat Linux
added 2011/07/27 2:49 p.m., 25 views

Moderate: Red Hat Security Advisory: icedtea-web security update

Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 6.8, AI score 5.9, EPSS 0.00878
Exploits 0, References 3
OpenVAS
added 2011/07/27 12:0 a.m., 19 views

Fedora Update for icedtea-web FEDORA-2011-9541

Check for the Version of icedtea-web OpenVAS Vulnerability Test Fedora Update for icedtea-web FEDORA-2011-9541 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 6.8, AI score 9.5, EPSS 0.00878
Exploits 0, References 2
Tenable Nessus
added 2011/07/25 12:0 a.m., 33 views

Fedora 15 : icedtea-web-1.0.4-1.fc15 (2011-9541)

This security fix that addresses the following issues : - RH718164: Home directory path disclosure to untrusted applications - RH718170: Java Web Start security warning dialog manipulation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

CVSS 6.8, AI score 5.3, EPSS 0.00878
Exploits 0, References 5