RHEL 7 : java-1.8.0-openjdk (RHSA-2020:0196)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0196 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20200121)

Security Fixes : - OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS Security, 8229951 CVE-2020-2601 - OpenJDK: Serialization filter changes via jdk.serialFilter property modification Serialization, 8231422 CVE-2020-2604 - OpenJDK: Improper checks of SASL message properties in GssKrb5Base...

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

RHEL 6 : java-1.8.0-openjdk (RHSA-2020:0157)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0157 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CentOS 7 : java-11-openjdk (RHSA-2020:0122)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0122 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

CentOS Update for java-11-openjdk CESA-2020:0122 centos7

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

java security update

CentOS Errata and Security Advisory CESA-2020:0122 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Arbitrary Code Execution

openjdk is vulnerable to arbitrary code execution. Successful exploitation of the insecure serialization filter changes via jdk.serialFilter property modification results in a complete takeover of the application...

RHEL 7 : java-11-openjdk (RHSA-2020:0122)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0122 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20200116)

Security Fixes : - OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS Security, 8229951 CVE-2020-2601 - OpenJDK: Serialization filter changes via jdk.serialFilter property modification Serialization, 8231422 CVE-2020-2604 - OpenJDK: Improper checks of SASL message properties in GssKrb5Base...

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...