Test ID:	1.3.6.1.4.1.25623.1.0.51387
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:900
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:900. The sun-jre and related packages have Sun's Java[1] implementation, including plugins for internet browsers. Jouko Pynnonen reported[2], through iDEFENSE, a vulnerability[3] in the plugin mechanism which allows remote attackers to bypass the Java sandbox through the use of javascript. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.javasoft.com http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1029 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:900 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	BugTraq ID: 11726 Common Vulnerability Exposure (CVE) ID: CVE-2004-1029 http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html BugTraq ID: 12317 http://www.securityfocus.com/bid/12317 CERT/CC vulnerability note: VU#760344 http://www.kb.cert.org/vuls/id/760344 http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities http://jouko.iki.fi/adv/javaplugin.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674 http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 http://www.vupen.com/english/advisories/2008/0599 XForce ISS Database: sdk-jre-applet-restriction-bypass(18188) https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.