Security Bulletin: Potential security vulnerabilities with JavaTM SDKs

Abstract Smarter Infrastructure Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content VULNERABILITY DETAILS: Customers who have Java based applications, such as Maximo Asse...

Infographic: Log4Shell Vulnerability Impact by the Numbers

The full scope of risk presented by the Log4Shell vulnerability is something unprecedented, spanning every type of organization across every industry. Hard to find but easy to exploit, Log4Shell immediately places hundreds of millions of Java-based applications, databases, and devices at risk...

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

Since the Log4Shell vulnerability was first discovered, Qualys has analyzed and responded to the threat in a systematic way approaching it from all angles – detection, mitigation and remediation. Recognizing the challenge it poses to large enterprises, we recommend that organizations follow a...

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j a logging tool used in many Java-based applications disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outsid...

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Published on: 2021 Dec 11, updated 2021 Dec 18. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j a logging tool used in many Java-based applications disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of th...

[SECURITY] Fedora 30 Update: jss-4.6.2-1.fc30

Java Security Services JSS is a java native interface which provides a br idge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

Oracle JDeveloper IDE Directory Traversal Vulnerability

Exploit for java platform in category web applications + Credits: John Page aka hyp3rlinx Vendor: ============= www.oracle.com Product: =========== JDeveloper IDE Oracle JDeveloper is a free integrated development environment that simplifies the development of Java-based applications addressing...

Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64

A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. CVE-2010-4476 All running instances of...