Test ID:	1.3.6.1.4.1.25623.1.0.60716
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0156
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0156. The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14 and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Untrusted Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Two vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges. This could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657) Those vulnerabilities concerned with applets can only be triggered in java-1.5.0-bea by calling the 'appletviewer' application. All users of java-1.5.0-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.5.0_14 release that resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0156.html http://dev2dev.bea.com/pub/advisory/272 http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5232 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/272 BugTraq ID: 25918 http://www.securityfocus.com/bid/25918 Bugtraq: 20071029 FLEA-2007-0061-1 sun-jre sun-jdk (Google Search) http://www.securityfocus.com/archive/1/482926/100/0/threaded CERT/CC vulnerability note: VU#336105 http://www.kb.cert.org/vuls/id/336105 http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://security.gentoo.org/glsa/glsa-200804-28.xml http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml HPdes Security Advisory: HPSBUX02284 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 HPdes Security Advisory: SSRT071483 http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf http://docs.info.apple.com/article.html?artnum=307177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331 http://www.redhat.com/support/errata/RHSA-2007-0963.html http://www.redhat.com/support/errata/RHSA-2007-1041.html http://www.redhat.com/support/errata/RHSA-2008-0100.html http://www.redhat.com/support/errata/RHSA-2008-0132.html http://www.redhat.com/support/errata/RHSA-2008-0156.html http://www.securitytracker.com/id?1018768 http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28115 http://secunia.com/advisories/28777 http://secunia.com/advisories/28880 http://secunia.com/advisories/29042 http://secunia.com/advisories/29214 http://secunia.com/advisories/29340 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1 SuSE Security Announcement: SUSE-SA:2007:055 (Google Search) http://www.novell.com/linux/security/advisories/2007_55_java.html SuSE Security Announcement: SUSE-SA:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://www.vupen.com/english/advisories/2007/3895 http://www.vupen.com/english/advisories/2007/4224 http://www.vupen.com/english/advisories/2008/0609 http://www.vupen.com/english/advisories/2008/1856/references XForce ISS Database: sun-java-appletcaching-security-bypass(36941) https://exchange.xforce.ibmcloud.com/vulnerabilities/36941 Common Vulnerability Exposure (CVE) ID: CVE-2007-5239 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758 http://securitytracker.com/id?1018814 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1 XForce ISS Database: sun-java-dragdrop-weak-security(36950) https://exchange.xforce.ibmcloud.com/vulnerabilities/36950 Common Vulnerability Exposure (CVE) ID: CVE-2007-5240 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783 http://www.securitytracker.com/id?1018769 http://secunia.com/advisories/31580 http://secunia.com/advisories/31586 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1 XForce ISS Database: sun-javawarning-weak-security(36942) https://exchange.xforce.ibmcloud.com/vulnerabilities/36942 Common Vulnerability Exposure (CVE) ID: CVE-2007-5273 http://seclists.org/fulldisclosure/2007/Jul/0159.html http://crypto.stanford.edu/dns/dns-rebinding.pdf http://osvdb.org/45527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340 http://securitytracker.com/id?1018771 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1 Common Vulnerability Exposure (CVE) ID: CVE-2008-0657 http://dev2dev.bea.com/pub/advisory/277 BugTraq ID: 27650 http://www.securityfocus.com/bid/27650 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11505 http://www.redhat.com/support/errata/RHSA-2008-0123.html http://www.redhat.com/support/errata/RHSA-2008-0210.html http://www.securitytracker.com/id?1019308 http://secunia.com/advisories/28795 http://secunia.com/advisories/28888 http://secunia.com/advisories/29498 http://secunia.com/advisories/29841 http://secunia.com/advisories/31497 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1 http://www.vupen.com/english/advisories/2008/0429 http://www.vupen.com/english/advisories/2008/1252
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.