
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0595

The remote host is missing updates announced in
advisory RHSA-2008:0595.

The Java Runtime Environment (JRE) contains the software and tools that
users need to run applets and applications written using the Java
programming language.

A vulnerability was found in the Java Management Extensions (JMX)
management agent, when local monitoring is enabled. This allowed remote
attackers to perform illegal operations. (CVE-2008-3103)

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

A Java Runtime Environment (JRE) vulnerability could be triggered by an
untrusted application or applet. A remote attacker could grant an untrusted
applet extended privileges such as reading and writing local files, or
executing local programs. (CVE-2008-3107)

Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities may allow an untrusted Java Web Start application to
elevate its privileges and thereby grant itself permission to read and/or
write local files, as well as to execute local applications accessible to
the user running the untrusted application. (CVE-2008-3111)

Two file processing vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start application, was able to
create or delete arbitrary files with the permissions of the user running
the untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications
was reported. An attacker was able to acquire sensitive information, such
as the cache location. (CVE-2008-3114)

Users of java-1.5.0-sun should upgrade to these updated packages, which
correct these issues.

Please note that this update is available via Red Hat Network. To use
Red Hat Network, launch the Red Hat Update Agent with the following
command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3103
BugTraq ID: 30146
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
Cert/CC Advisory: TA08-193A
RedHat Security Advisories: RHSA-2009:0466
SuSE Security Announcement: SUSE-SA:2008:042
SuSE Security Announcement: SUSE-SR:2008:022
XForce ISS Database: sun-jmx-security-bypass(43669)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3104
BugTraq ID: 30140
RedHat Security Advisories: RHSA-2008:0955
SuSE Security Announcement: SUSE-SA:2008:043
SuSE Security Announcement: SUSE-SA:2008:045
SuSE Security Announcement: SUSE-SR:2008:028
SuSE Security Announcement: SUSE-SR:2009:010
XForce ISS Database: sun-jre-unspecified-security-bypass(43662)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3107
BugTraq ID: 30141
XForce ISS Database: sun-virtualmachine-unauth-access(43659)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3111
BugTraq ID: 30148
Bugtraq: 20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow
XForce ISS Database: sun-javawebstart-unspecified-bo(43664)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3112
XForce ISS Database: sun-javawebstart-file-create(43666)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3113
XForce ISS Database: sun-javawebstart-file-manipulation(43667)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3114
XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668)
Copyright: Copyright (c) 2008 E-Soft Inc.
