ID de Prueba:	1.3.6.1.4.1.25623.1.0.60716
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0156
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0156. The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14 and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Untrusted Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Two vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges. This could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657) Those vulnerabilities concerned with applets can only be triggered in java-1.5.0-bea by calling the 'appletviewer' application. All users of java-1.5.0-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.5.0_14 release that resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0156.html http://dev2dev.bea.com/pub/advisory/272 http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5232 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/272 BugTraq ID: 25918 http://www.securityfocus.com/bid/25918 Bugtraq: 20071029 FLEA-2007-0061-1 sun-jre sun-jdk (Google Search) http://www.securityfocus.com/archive/1/482926/100/0/threaded CERT/CC vulnerability note: VU#336105 http://www.kb.cert.org/vuls/id/336105 http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://security.gentoo.org/glsa/glsa-200804-28.xml http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml HPdes Security Advisory: HPSBUX02284 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 HPdes Security Advisory: SSRT071483 http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf http://docs.info.apple.com/article.html?artnum=307177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331 http://www.redhat.com/support/errata/RHSA-2007-0963.html http://www.redhat.com/support/errata/RHSA-2007-1041.html http://www.redhat.com/support/errata/RHSA-2008-0100.html http://www.redhat.com/support/errata/RHSA-2008-0132.html http://www.redhat.com/support/errata/RHSA-2008-0156.html http://www.securitytracker.com/id?1018768 http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28115 http://secunia.com/advisories/28777 http://secunia.com/advisories/28880 http://secunia.com/advisories/29042 http://secunia.com/advisories/29214 http://secunia.com/advisories/29340 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1 SuSE Security Announcement: SUSE-SA:2007:055 (Google Search) http://www.novell.com/linux/security/advisories/2007_55_java.html SuSE Security Announcement: SUSE-SA:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://www.vupen.com/english/advisories/2007/3895 http://www.vupen.com/english/advisories/2007/4224 http://www.vupen.com/english/advisories/2008/0609 http://www.vupen.com/english/advisories/2008/1856/references XForce ISS Database: sun-java-appletcaching-security-bypass(36941) https://exchange.xforce.ibmcloud.com/vulnerabilities/36941 Common Vulnerability Exposure (CVE) ID: CVE-2007-5239 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758 http://securitytracker.com/id?1018814 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1 XForce ISS Database: sun-java-dragdrop-weak-security(36950) https://exchange.xforce.ibmcloud.com/vulnerabilities/36950 Common Vulnerability Exposure (CVE) ID: CVE-2007-5240 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783 http://www.securitytracker.com/id?1018769 http://secunia.com/advisories/31580 http://secunia.com/advisories/31586 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1 XForce ISS Database: sun-javawarning-weak-security(36942) https://exchange.xforce.ibmcloud.com/vulnerabilities/36942 Common Vulnerability Exposure (CVE) ID: CVE-2007-5273 http://seclists.org/fulldisclosure/2007/Jul/0159.html http://crypto.stanford.edu/dns/dns-rebinding.pdf http://osvdb.org/45527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340 http://securitytracker.com/id?1018771 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1 Common Vulnerability Exposure (CVE) ID: CVE-2008-0657 http://dev2dev.bea.com/pub/advisory/277 BugTraq ID: 27650 http://www.securityfocus.com/bid/27650 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11505 http://www.redhat.com/support/errata/RHSA-2008-0123.html http://www.redhat.com/support/errata/RHSA-2008-0210.html http://www.securitytracker.com/id?1019308 http://secunia.com/advisories/28795 http://secunia.com/advisories/28888 http://secunia.com/advisories/29498 http://secunia.com/advisories/29841 http://secunia.com/advisories/31497 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1 http://www.vupen.com/english/advisories/2008/0429 http://www.vupen.com/english/advisories/2008/1252
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.