
266 matches found

Tenable Nessus
added 2013/09/04 12:00 a.m. | 54 views

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2011-10) (BEAST)

A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this...

CVSS 10 | AI score 8 | EPSS 0.96653
Exploits 19 | References 14

Tenable Nessus
added 2013/07/12 12:00 a.m. | 60 views

Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-1380)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1380 advisory. 1:1.6.0.0-1.40.1.9.10 - Resolves: rhbz744788 - Bumped to IcedTea6 1.9.8 -removed font copying Security fixes - S7000600, CVE-2011-3547: InputStream...

CVSS 10 | AI score 8.1 | EPSS 0.96653
Exploits 19 | References 14

Tenable Nessus
added 2013/03/09 12:00 a.m. | 48 views

Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)

USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache...

CVSS 10 | AI score 6.4 | EPSS 0.2349
Exploits 2 | References 10

RedHat Linux
added 2012/11/15 8:58 p.m. | 3 views

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

CVSS 10 | AI score 7.6 | EPSS 0.96653
Exploits 13 | References 6

Metasploit
added 2012/10/29 5:23 p.m. | 17 views

ManageEngine SecurityManager Plus 5.5 Directory Traversal

This module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the 'f' parameter, which can be abused to read any file outside the virtual directory. This module...

AI score 7.1
Exploits 0

Tenable Nessus
added 2012/09/19 12:00 a.m. | 15 views

Fedora 16 : java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16 (2012-13127)

This is an update to the latest IcedTea6 1.11.4. Except for several minor enhancements, there is a fix for possible through by SecurityManager unguarded Beans. Although this is not as serious as for OpenJDK7, it is considered as security. http://blog.fuseyism.com/index.php/2012/08/31/security-icedtea6-1-10-9...

AI score 5.5
Exploits 0 | References 2

OpenVAS
added 2012/09/03 12:00 a.m. | 50 views

Oracle Java SE JRE Multiple Remote Code Execution Vulnerabilities - Windows

Oracle Java SE JRE is prone to multiple remote code execution vulnerabilities.

CVSS 10 | AI score 8.2 | EPSS 0.98536
Exploits 10 | References 8

ATTACKERKB
added 2012/08/28 12:55 a.m. | 58 views

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

CVSS 10 | AI score 9.5 | EPSS 0.98536
In wild | Exploits 10 | References 17

UbuntuCve
added 2012/08/28 12:55 a.m. | 66 views

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

CVSS 10 | AI score 7.5 | EPSS 0.98536
Exploits 10 | References 7

CVE
added 2012/08/28 12:00 a.m. | 1296 views

CVE-2012-4681

CVE-2012-4681 affects Oracle Java SE 7 (JRE) up to Update 6, and earlier; vulnerability chain bypasses SecurityManager via beans permission checks and restricted package access, using ClassFinder.findClass and reflection with a trusted immediate caller to reach private fields. Exploitation in the...

CVSS 10 | AI score 7.6 | EPSS 0.98536
In wild | Exploits 10 | References 14 | Affected Software 2

OpenVAS
added 2012/07/30 12:00 a.m. | 29 views

CentOS Update for java CESA-2011:0281 centos5 x86_64

Check for the Version of java

CVSS 10 | AI score 0.2 | EPSS 0.04132
Exploits 1 | References 2

OpenVAS
added 2012/07/30 12:00 a.m. | 21 views

CentOS Update for java CESA-2011:0281 centos5 x86_64

The remote host is missing an update for the ...

CVSS 10 | AI score 8.5 | EPSS 0.04132
Exploits 1 | References 2

OpenVAS
added 2012/01/25 12:00 a.m. | 44 views

Ubuntu: Security Advisory (USN-1263-2)

The remote host is missing an update for the ...

CVSS 10 | AI score 8.3 | EPSS 0.96653
Exploits 16 | References 5

Ubuntu
added 2012/01/24 9:07 p.m. | 88 views

USN-1263-2: OpenJDK 6 regression

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm (CVE-2011-3389) introduced a regression that caused TLS/SSL connections to fail when using certain algorithms. This update fixes the problem. We apologize for...

AI score 8.4
Exploits 0 | References 1

Tenable Nessus
added 2012/01/19 12:00 a.m. | 41 views

RHEL 6 : java-1.6.0-ibm (RHSA-2012:0034)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0034 advisory. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes...

CVSS 10 | AI score 7.6 | EPSS 0.96653
Exploits 19 | References 40

RedHat Linux
added 2012/01/18 7:22 p.m. | 2 views

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

CVSS 10 | AI score 7.6 | EPSS 0.96653
Exploits 13 | References 6

RedHat Linux
added 2011/12/20 5:16 p.m. | 2 views

tomcat: file permission bypass flaw

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...

CVSS 1.2 | AI score 6.1 | EPSS 0.01353
Exploits 1 | References 4

Saint
added 2011/12/02 12:00 a.m. | 52 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

CVSS 10 | AI score 10 | EPSS 0.96653
Exploits 13

Tenable Nessus
added 2011/11/17 12:00 a.m. | 54 views

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST)

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES...

CVSS 10 | AI score 8.5 | EPSS 0.96653
Exploits 19 | References 15

Amazon
added 2011/10/31 12:00 a.m. | 60 views

Critical: java-1.6.0-openjdk

Issue Overview: A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client...

CVSS 10 | AI score 9.3 | EPSS 0.96653
Exploits 19 | References 1