Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58482
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0818
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0818.

The Java Runtime Environment (JRE) contains the software and tools
that users need to run applets and applications written using the Java
programming language.

The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)

All users of java-sun-1.5.0 should upgrade to these packages, which contain
Sun Java 1.5.0 Update 12 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0818.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3503
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/248
BugTraq ID: 24690
http://www.securityfocus.com/bid/24690
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
http://docs.info.apple.com/article.html?artnum=307177
http://osvdb.org/36488
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.securitytracker.com/id?1018327
http://secunia.com/advisories/25769
http://secunia.com/advisories/26314
http://secunia.com/advisories/26369
http://secunia.com/advisories/26631
http://secunia.com/advisories/26645
http://secunia.com/advisories/26933
http://secunia.com/advisories/27203
http://secunia.com/advisories/28115
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1
http://www.vupen.com/english/advisories/2007/2383
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2007/4224
XForce ISS Database: sun-jdk-javadoc-xss(35168)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35168
Common Vulnerability Exposure (CVE) ID: CVE-2007-3655
BugTraq ID: 24832
http://www.securityfocus.com/bid/24832
Bugtraq: 20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/473224/100/0/threaded
Bugtraq: 20070711 SUN Java JNLP Overflow (Google Search)
http://www.securityfocus.com/archive/1/473356/100/0/threaded
http://www.exploit-db.com/exploits/30284
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://research.eeye.com/html/advisories/published/AD20070705.html
http://osvdb.org/37756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367
http://www.securitytracker.com/id?1018346
http://secunia.com/advisories/25981
http://secunia.com/advisories/27266
http://secunia.com/advisories/29858
http://secunia.com/advisories/30780
http://securityreason.com/securityalert/2874
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
SuSE Security Announcement: SUSE-SA:2007:056 (Google Search)
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
http://www.vupen.com/english/advisories/2007/2477
XForce ISS Database: sun-java-jnlp-bo(35320)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35320
Common Vulnerability Exposure (CVE) ID: CVE-2007-3698
http://dev2dev.bea.com/pub/advisory/249
BugTraq ID: 24846
http://www.securityfocus.com/bid/24846
Cisco Security Advisory: 20070725 Vulnerability in Java Secure Socket Extension
http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html
HPdes Security Advisory: HPSBMA02288
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
HPdes Security Advisory: SSRT071465
http://osvdb.org/36663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634
http://www.redhat.com/support/errata/RHSA-2007-1086.html
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://www.redhat.com/support/errata/RHSA-2008-0132.html
http://www.securitytracker.com/id?1018357
http://secunia.com/advisories/26015
http://secunia.com/advisories/26221
http://secunia.com/advisories/27635
http://secunia.com/advisories/27716
http://secunia.com/advisories/28056
http://secunia.com/advisories/28777
http://secunia.com/advisories/28880
http://secunia.com/advisories/29340
http://secunia.com/advisories/29897
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1
SuSE Security Announcement: SUSE-SA:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://www.vupen.com/english/advisories/2007/2495
http://www.vupen.com/english/advisories/2007/2660
http://www.vupen.com/english/advisories/2007/3861
XForce ISS Database: sun-jsse-ssltls-dos(35333)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35333
Common Vulnerability Exposure (CVE) ID: CVE-2007-3922
BugTraq ID: 25054
http://www.securityfocus.com/bid/25054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387
http://www.redhat.com/support/errata/RHSA-2008-0133.html
http://www.securitytracker.com/id?1018428
http://secunia.com/advisories/30805
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
http://www.vupen.com/english/advisories/2007/2573
XForce ISS Database: sun-java-class-unauthorized-access(35491)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35491
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.