
Test ID: 1.3.6.1.4.1.25623.1.0.60720
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0186
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2008:0186.

The Java Runtime Environment (JRE) contains the software and tools
that users need to run applets and applications written using the Java
programming language.

Flaws in the JRE allowed an untrusted application or applet to elevate its
privileges. This could be exploited by a remote attacker to access local
files or execute local applications accessible to the user running the JRE
(CVE-2008-1185, CVE-2008-1186)

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files or execute local
applications accessible to the user running the JRE.
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)

A flaw was found in the Java Plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possibly execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs. A remote attacker could use these
flaws to access local network services. (CVE-2008-1195)

This update also fixes an issue where the Java Plug-in is not available for
browser use after successful installation.

Users of java-1.5.0-sun should upgrade to these updated packages, which
correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0186.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score: 9.3

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-1185
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
Cert/CC Advisory: TA08-066A
http://www.us-cert.gov/cas/techalerts/TA08-066A.html
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9672
http://www.redhat.com/support/errata/RHSA-2008-0186.html
http://securitytracker.com/id?1019555
http://secunia.com/advisories/29239
http://secunia.com/advisories/29273
http://secunia.com/advisories/29582
http://secunia.com/advisories/29858
http://secunia.com/advisories/30676
http://secunia.com/advisories/30780
http://secunia.com/advisories/32018
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233321-1
SuSE Security Announcement: SUSE-SA:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html
http://www.vupen.com/english/advisories/2008/0770/references
http://www.vupen.com/english/advisories/2008/1856/references
XForce ISS Database: java-virtualmachine-multiple-priv-escalation(41025)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41025
XForce ISS Database: sun-jre-unspecified-priv-escalation(41138)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41138
Common Vulnerability Exposure (CVE) ID: CVE-2008-1186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9585
Common Vulnerability Exposure (CVE) ID: CVE-2008-1187
http://dev2dev.bea.com/pub/advisory/277
http://jvn.jp/en/jp/JVN04032535/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278
http://www.redhat.com/support/errata/RHSA-2008-0210.html
http://www.redhat.com/support/errata/RHSA-2008-0243.html
http://www.redhat.com/support/errata/RHSA-2008-0244.html
http://www.redhat.com/support/errata/RHSA-2008-0245.html
http://www.redhat.com/support/errata/RHSA-2008-0267.html
http://www.redhat.com/support/errata/RHSA-2008-0555.html
http://www.securitytracker.com/id?1019548
http://secunia.com/advisories/29498
http://secunia.com/advisories/29841
http://secunia.com/advisories/29897
http://secunia.com/advisories/29999
http://secunia.com/advisories/30003
http://secunia.com/advisories/31067
http://secunia.com/advisories/31497
http://secunia.com/advisories/31580
http://secunia.com/advisories/31586
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1
SuSE Security Announcement: SUSE-SA:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://www.vupen.com/english/advisories/2008/1252
Common Vulnerability Exposure (CVE) ID: CVE-2008-1188
http://www.zerodayinitiative.com/advisories/ZDI-08-009/
http://www.zerodayinitiative.com/advisories/ZDI-08-010/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209
http://www.securitytracker.com/id?1019549
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1
XForce ISS Database: javawebstart-application-priv-escalation(41029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41029
XForce ISS Database: javawebstart-multiple-unspecified-bo(41133)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41133
Common Vulnerability Exposure (CVE) ID: CVE-2008-1189
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9582
XForce ISS Database: javawebstart-unspecified-bo(41135)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41135
Common Vulnerability Exposure (CVE) ID: CVE-2008-1190
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9914
Common Vulnerability Exposure (CVE) ID: CVE-2008-1191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10167
XForce ISS Database: javawebstart-unspecified-priv-escalation(41136)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41136
Common Vulnerability Exposure (CVE) ID: CVE-2008-1192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813
http://www.securitytracker.com/id?1019550
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1
XForce ISS Database: java-plugin-unspecified-security-bypass(41031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41031
Common Vulnerability Exposure (CVE) ID: CVE-2008-1193
BugTraq ID: 28125
http://www.securityfocus.com/bid/28125
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11409
http://www.securitytracker.com/id?1019551
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1
XForce ISS Database: sun-jre-imagelibrary-privilege-escalation(41028)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41028
Common Vulnerability Exposure (CVE) ID: CVE-2008-1194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9542
XForce ISS Database: sun-jre-jdk-colorlibrary-dos(41132)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41132
Common Vulnerability Exposure (CVE) ID: CVE-2008-1195
Bugtraq: 20080327 rPSA-2008-0128-1 firefox
http://www.securityfocus.com/archive/1/490196/100/0/threaded
Cert/CC Advisory: TA08-087A
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486
http://www.securitytracker.com/id?1019553
http://secunia.com/advisories/29526
http://secunia.com/advisories/29541
http://secunia.com/advisories/29547
http://secunia.com/advisories/29560
http://secunia.com/advisories/29645
http://secunia.com/advisories/30620
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
SuSE Security Announcement: SUSE-SA:2008:019
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
http://www.ubuntu.com/usn/usn-592-1
http://www.vupen.com/english/advisories/2008/0998/references
http://www.vupen.com/english/advisories/2008/1793/references
XForce ISS Database: sun-jre-javascript-unauthorized-access(41030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41030
Common Vulnerability Exposure (CVE) ID: CVE-2008-1196
CERT/CC vulnerability note: VU#223028
http://www.kb.cert.org/vuls/id/223028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10412
http://www.securitytracker.com/id?1019552
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233327-1
XForce ISS Database: sun-java-webstart-javaws-bo(41026)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41026
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
