CVE-2008-3683

The CVE-2008-3683 affects Sun Java System Web Proxy Server 4.0–4.0.5 prior to SP6, where an unspecified vulnerability in the FTP subsystem can allow remote attackers to trigger a denial of service by exhausting file descriptors (failure to accept new connections). The issue is described as unknow...

CVE-2008-3683

Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service failure to accept connections via unknown vectors, probably related to exhaustion of file descriptors...

Sun Java System Web Proxy Server FTP子系统拒绝服务漏洞

BUGTRAQ ID: 30671 CNCAN ID：CNCAN-2008081410 Sun Java System Web Proxy Server是一款基于JAVA的WEB代理服务程序。 Sun Java System Web Proxy Server 4.0的FTP子系统存在安全问题，本地或远程攻击者可以阻止代理服务器接收新的连接，导致拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Java System Web Proxy Server 4.0.5 Sun Java System Web Proxy Server 4.0 可参考如下安全公告获得补丁信息：...

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue...

security flaw

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

Java Plugin same-origin-policy bypass

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

Buffer overflow security vulnerabilities in Java Web Start

Stack-based buffer overflow in Java Web Start javaws.exe in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file...

JRE image parsing library allows privilege escalation (CVE-2008-1194)

Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service crash via unknown vectors...

Low: Red Hat Security Advisory: Red Hat Network Satellite Server Sun Java Runtime security update

Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in the Red Hat Network Satellite Server Sun Java Runtime Environment. This update has been rated as having low security impact by the Red Hat Security Response Team. This...

Java Web Start, arbitrary file creation (6703909)

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909...

Information disclosure

Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition aka Java ME, J2ME, or mobile Java, as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no...

CVE-2008-3551

Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition aka Java ME, J2ME, or mobile Java, as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no...

CVE-2008-3551

Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition aka Java ME, J2ME, or mobile Java, as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no...

CVE-2008-3551

Technical details about CVE-2008-3551 are not publicly available in the provided documents. No concrete affected products, components, versions, or exploit information are disclosed here. Monitor for updates from official sources.

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

Solaris 8 (sparc) : 119725-06

Sun JavaTM System LDAP Java Development Kit 4.21: patch for Sola. Date this patch was last updated by Sun : Sep/19/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

Solaris 10 (sparc) : 119725-06 (deprecated)

Sun JavaTM System LDAP Java Development Kit 4.21: patch for Sola. Date this patch was last updated by Sun : Sep/19/08 This plugin has been deprecated and either replaced with individual 119725 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security,...

CVE-2008-3440

Sun Java 1.6.003 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...