1772 matches found
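Sun Java System Web Server Certificate Revocation Access Control Bypass Vulnerability
Sun Java System Application Server and Web Server are both application servers compatible with the J2EE platform. A security vulnerability in Sun Java System Web Server may allow local or remote users to obtain authorized access to certain web server instances. If a secure web server instance was created through the administration server as a non-root instance, and that administration server is configured to run with root user privileges, this vulnerability may allow a user holding a revoked client certificate to access the web server instance under certain conditions, even if a valid certificate revocation list (CRL) file has been installed on that instance. The vulnerability affects a host only when both of the following conditions are met: 1 It contains a certificate revocation list (CRL) that meets certain criteria 2...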
Heap overflow
Integer underflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to...
CVE-2007-0008
CVE-2007-0008 is an NSS heap-based overflow caused by an integer underflow when processing an SSLv2 server message with a key too short to encrypt the Master Secret. It affects SeaMonkey, Firefox, and Thunderbird around NSS usage and was addressed by updating to fixed NSS-containing packages (e.g...
SUSE-SA:2007:003: Sun Java
The remote host is missing the patch for the advisory SUSE-SA:2007:003 Sun Java. The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions: - The Java 1.3 version to 1.3.119 for SUSE Linux Enterprise Server 8. - The Java 1.4 version als...
Sun JDK/JRE: Execution of arbitrary code
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description An anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Impact An attacker could...
security flaw
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
security flaw
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 6 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third...
CVE-2007-0628
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third...
CVE-2007-0628
CVE-2007-0628 concerns multiple XSS vulnerabilities in Sun Java System Access Manager versions 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) prior to 20070129. The flaws allow remote attackers to inject arbitrary web script or HTML through the goto or gx-charset parameters. The NVD entry lists a C...
java-jre: GIF buffer overflow
Buffer overflow in Sun JDK and Java Runtime Environment JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.212 and earlier, and SDK and JRE 1.3.118 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...
Sun Java memory corruption
Memory corruption when parsing GIF files with a 0 width block. Can be used for hidden malware installation...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an...
Sun Microsystems Java GIF image processing buffer overflow
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...
Sun Java JRE GIF Image Handling Buffer Overflow (102760)
According to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file...
Sun Java JRE vulnerable to arbitrary code execution via an unspecified error
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...
Sun Java JRE vulnerable to privilege escalation
Overview A vulnerability in the Sun Java Runtime Environment may allow a malicious applet to gain elevated privileges. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operati...