ID de Prueba:	1.3.6.1.4.1.25623.1.0.59631
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:1041
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:1041. IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. The applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Multiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238) Untrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached malicious Applet could create network connections to services on other machines. (CVE-2007-5274) All users of java-ibm-1.5.0 are advised to upgrade to these updated packages, that contain IBM's 1.5.0 SR6 Java release which resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1041.html http://www.redhat.com/security/updates/classification/#important Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5232 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/272 BugTraq ID: 25918 http://www.securityfocus.com/bid/25918 Bugtraq: 20071029 FLEA-2007-0061-1 sun-jre sun-jdk (Google Search) http://www.securityfocus.com/archive/1/482926/100/0/threaded CERT/CC vulnerability note: VU#336105 http://www.kb.cert.org/vuls/id/336105 http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://security.gentoo.org/glsa/glsa-200804-28.xml http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml HPdes Security Advisory: HPSBUX02284 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 HPdes Security Advisory: SSRT071483 http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf http://docs.info.apple.com/article.html?artnum=307177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331 http://www.redhat.com/support/errata/RHSA-2007-0963.html http://www.redhat.com/support/errata/RHSA-2007-1041.html http://www.redhat.com/support/errata/RHSA-2008-0100.html http://www.redhat.com/support/errata/RHSA-2008-0132.html http://www.redhat.com/support/errata/RHSA-2008-0156.html http://www.securitytracker.com/id?1018768 http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28115 http://secunia.com/advisories/28777 http://secunia.com/advisories/28880 http://secunia.com/advisories/29042 http://secunia.com/advisories/29214 http://secunia.com/advisories/29340 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1 SuSE Security Announcement: SUSE-SA:2007:055 (Google Search) http://www.novell.com/linux/security/advisories/2007_55_java.html SuSE Security Announcement: SUSE-SA:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://www.vupen.com/english/advisories/2007/3895 http://www.vupen.com/english/advisories/2007/4224 http://www.vupen.com/english/advisories/2008/0609 http://www.vupen.com/english/advisories/2008/1856/references XForce ISS Database: sun-java-appletcaching-security-bypass(36941) https://exchange.xforce.ibmcloud.com/vulnerabilities/36941 Common Vulnerability Exposure (CVE) ID: CVE-2007-5238 BugTraq ID: 25920 http://www.securityfocus.com/bid/25920 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11592 http://www.securitytracker.com/id?1018770 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1 XForce ISS Database: javaweb-cache-information-disclosure(36946) https://exchange.xforce.ibmcloud.com/vulnerabilities/36946 Common Vulnerability Exposure (CVE) ID: CVE-2007-5240 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783 http://www.securitytracker.com/id?1018769 http://secunia.com/advisories/31580 http://secunia.com/advisories/31586 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1 XForce ISS Database: sun-javawarning-weak-security(36942) https://exchange.xforce.ibmcloud.com/vulnerabilities/36942 Common Vulnerability Exposure (CVE) ID: CVE-2007-5239 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758 http://securitytracker.com/id?1018814 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1 XForce ISS Database: sun-java-dragdrop-weak-security(36950) https://exchange.xforce.ibmcloud.com/vulnerabilities/36950 Common Vulnerability Exposure (CVE) ID: CVE-2007-5273 http://seclists.org/fulldisclosure/2007/Jul/0159.html http://crypto.stanford.edu/dns/dns-rebinding.pdf http://osvdb.org/45527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340 http://securitytracker.com/id?1018771 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1 Common Vulnerability Exposure (CVE) ID: CVE-2007-5274 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10908
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.