Lucene search

178 matches found

Saint
added 2011/12/02 12:0 a.m. | 52 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

CVSS 10 | AI score 10 | EPSS 0.96653
Exploits: 13

Tenable Nessus
added 2011/11/17 12:0 a.m. | 54 views

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST)

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES...

CVSS 10 | AI score 8.5 | EPSS 0.96653
Exploits: 19 | References: 15

Amazon
added 2011/10/31 12:0 a.m. | 60 views

Critical: java-1.6.0-openjdk

Issue Overview: A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client...

CVSS 10 | AI score 9.3 | EPSS 0.96653
Exploits: 19 | References: 1

Tenable Nessus
added 2011/10/20 12:0 a.m. | 41 views

RHEL 5 / 6 : java-1.6.0-sun (RHSA-2011:1384)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1384 advisory. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes...

CVSS 10 | AI score 7.6 | EPSS 0.96653
Exploits: 19 | References: 43

Tenable Nessus
added 2011/10/19 12:0 a.m. | 48 views

RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:1380)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1380 advisory. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java R...

CVSS 10 | AI score 8.4 | EPSS 0.96653
Exploits: 19 | References: 31

Oracle linux
added 2011/10/18 12:0 a.m. | 64 views

java-1.6.0-openjdk security update

1:1.6.0.0-1.40.1.9.10 - Resolves: rhbz744788 - Bumped to IcedTea6 1.9.8 -removed font copying Security fixes - S7000600, CVE-2011-3547: InputStream skip information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow ...

CVSS 10 | AI score 0.9 | EPSS 0.96653
Exploits: 19

Apache Tomcat
added 2011/09/22 12:0 a.m. | 53 views

Fixed in Apache Tomcat 5.5.34

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

CVSS 7.5 | AI score 6.6 | EPSS 0.15226
Exploits: 2 | Affected Software: 1

OpenVAS
added 2011/08/09 12:0 a.m. | 35 views

CentOS Update for java CESA-2011:0281 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 10 | AI score 8.5 | EPSS 0.04132
Exploits: 1 | References: 2

seebug.org
added 2011/08/01 12:0 a.m. | 102 views

Apache Tomcat SecurityManager Security Bypass Vulnerability

Bugtraq ID:46177 CVE:CVE-2010-3718 Apache Tomcat is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and gain access to arbitrary files and directories in the context of the web server. This issue affects Apache Tomcat...

CVSS 1.2 | AI score 6 | EPSS 0.01353
Exploits: 1

securityvulns
added 2011/07/18 12:0 a.m. | 68 views

[SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-2526: Apache Tomcat Information disclosure and availability vulnerabilities Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.18 Tomcat 6.0.0 to 6.0.32 Tomcat 5.5.0 to 5.0.33 Previous, unsupported...

CVSS 4.4 | AI score 5.3 | EPSS 0.00699
Exploits: 1

Cvelist
added 2011/04/13 9:0 p.m. | 22 views

CVE-2011-0990

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or...

AI score 6.8 | EPSS 0.02164
Exploits: 0 | References: 10

OpenVAS
added 2011/04/01 12:0 a.m. | 38 views

Ubuntu Update for tomcat6 vulnerabilities USN-1097-1

Ubuntu Update for Linux kernel vulnerabilities USN-1097-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10971.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for tomcat6 vulnerabilities USN-1097-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

CVSS 5 | AI score 6.1 | EPSS 0.10228
Exploits: 3 | References: 2

OpenVAS
added 2011/04/01 12:0 a.m. | 30 views

Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)

Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 10 | AI score 0.1 | EPSS 0.2349
Exploits: 2 | References: 2

Tenable Nessus
added 2011/03/30 12:0 a.m. | 34 views

Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)

It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. CVE-2010-3718 It was discovered that Tomcat did not properly escape certain parameters in the Manage...

CVSS 5 | AI score 5.3 | EPSS 0.10228
Exploits: 3 | References: 4

Ubuntu
added 2011/03/29 5:12 p.m. | 76 views

USN-1097-1: Tomcat vulnerabilities

It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. CVE-2010-3718 It was discovered that Tomcat did not properly escape certain parameters in the Manage...

CVSS 5 | AI score 5.5 | EPSS 0.10228
Exploits: 3

OpenVAS
added 2011/03/07 12:0 a.m. | 37 views

Debian Security Advisory DSA 2160-1 (tomcat6)

The remote host is missing an update to tomcat6 announced via advisory DSA 2160-1. OpenVAS Vulnerability Test $Id: deb21601.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2160-1 tomcat6 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

CVSS 5 | AI score 0.5 | EPSS 0.10228
Exploits: 3

OpenVAS
added 2011/02/22 12:0 a.m. | 44 views

Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)

Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2011:030 tomcat5 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 4.3 | AI score 5.8 | EPSS 0.10228
Exploits: 3 | References: 2

OpenVAS
added 2011/02/22 12:0 a.m. | 38 views

Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 1.2 | AI score 5.5 | EPSS 0.01353
Exploits: 1 | References: 3

Tenable Nessus
added 2011/02/20 12:0 a.m. | 38 views

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:030)

Multiple vulnerabilities has been found and corrected in tomcat5 : When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the...

CVSS 4.3 | AI score 5.7 | EPSS 0.10228
Exploits: 3 | References: 2

Tenable Nessus
added 2011/02/14 12:0 a.m. | 39 views

Debian DSA-2160-1 : tomcat6 - several vulnerabilities

Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine : - CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory. - CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting. -...

CVSS 5 | AI score 5.5 | EPSS 0.10228
Exploits: 3 | References: 9