
Test ID: 1.3.6.1.4.1.25623.1.0.61260
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0595
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2008:0595.

The Java Runtime Environment (JRE) contains the software and tools that
users need to run applets and applications written using the Java
programming language.

A vulnerability was found in the Java Management Extensions (JMX)
management agent, when local monitoring is enabled. This allowed remote
attackers to perform illegal operations. (CVE-2008-3103)

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

A Java Runtime Environment (JRE) vulnerability could be triggered by an
untrusted application or applet. A remote attacker could grant an untrusted
applet extended privileges such as reading and writing local files, or
executing local programs. (CVE-2008-3107)

Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities may allow an untrusted Java Web Start application to
elevate its privileges and thereby grant itself permission to read and/or
write local files, as well as to execute local applications accessible to
the user running the untrusted application. (CVE-2008-3111)

Two file processing vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start application, was able to
create or delete arbitrary files with the permissions of the user running
the untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications
was reported. An attacker was able to acquire sensitive information, such
as the cache location. (CVE-2008-3114)

Users of java-1.5.0-sun should upgrade to these updated packages, which
correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0595.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3103
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
BugTraq ID: 30146
http://www.securityfocus.com/bid/30146
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and (Google Search)
http://marc.info/?l=bugtraq&m=122331139823057&w=2
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (Google Search)
http://www.securityfocus.com/archive/1/497041/100/0/threaded
Cert/CC Advisory: TA08-193A
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10920
http://www.redhat.com/support/errata/RHSA-2008-0594.html
http://www.redhat.com/support/errata/RHSA-2008-0595.html
http://www.redhat.com/support/errata/RHSA-2008-0891.html
http://www.redhat.com/support/errata/RHSA-2008-0906.html
http://www.redhat.com/support/errata/RHSA-2008-1044.html
http://www.redhat.com/support/errata/RHSA-2008-1045.html
RedHat Security Advisories: RHSA-2009:0466
https://rhn.redhat.com/errata/RHSA-2009-0466.html
http://www.securitytracker.com/id?1020458
http://secunia.com/advisories/31010
http://secunia.com/advisories/31055
http://secunia.com/advisories/31497
http://secunia.com/advisories/31600
http://secunia.com/advisories/32018
http://secunia.com/advisories/32179
http://secunia.com/advisories/32180
http://secunia.com/advisories/32394
http://secunia.com/advisories/32436
http://secunia.com/advisories/32437
http://secunia.com/advisories/33237
http://secunia.com/advisories/33238
http://secunia.com/advisories/34972
http://secunia.com/advisories/37386
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
SuSE Security Announcement: SUSE-SA:2008:042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
SuSE Security Announcement: SUSE-SR:2008:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://www.vupen.com/english/advisories/2008/2056/references
http://www.vupen.com/english/advisories/2008/2740
XForce ISS Database: sun-jmx-security-bypass(43669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43669
Common Vulnerability Exposure (CVE) ID: CVE-2008-3104
BugTraq ID: 30140
http://www.securityfocus.com/bid/30140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565
http://www.redhat.com/support/errata/RHSA-2008-0790.html
RedHat Security Advisories: RHSA-2008:0955
http://rhn.redhat.com/errata/RHSA-2008-0955.html
http://www.redhat.com/support/errata/RHSA-2008-1043.html
http://www.securitytracker.com/id?1020459
http://secunia.com/advisories/31269
http://secunia.com/advisories/31320
http://secunia.com/advisories/31736
http://secunia.com/advisories/32826
http://secunia.com/advisories/33194
http://secunia.com/advisories/33236
http://secunia.com/advisories/35065
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
SuSE Security Announcement: SUSE-SA:2008:043 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:045 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
XForce ISS Database: sun-jre-unspecified-security-bypass(43662)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43662
Common Vulnerability Exposure (CVE) ID: CVE-2008-3107
BugTraq ID: 30141
http://www.securityfocus.com/bid/30141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219
http://www.securitytracker.com/id?1020455
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
XForce ISS Database: sun-virtualmachine-unauth-access(43659)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43659
Common Vulnerability Exposure (CVE) ID: CVE-2008-3111
BugTraq ID: 30148
http://www.securityfocus.com/bid/30148
Bugtraq: 20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/494505/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-043/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541
http://www.securitytracker.com/id?1020452
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
XForce ISS Database: sun-javawebstart-unspecified-bo(43664)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43664
Common Vulnerability Exposure (CVE) ID: CVE-2008-3112
http://www.zerodayinitiative.com/advisories/ZDI-08-042/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102
XForce ISS Database: sun-javawebstart-file-create(43666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43666
Common Vulnerability Exposure (CVE) ID: CVE-2008-3113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454
XForce ISS Database: sun-javawebstart-file-manipulation(43667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43667
Common Vulnerability Exposure (CVE) ID: CVE-2008-3114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755
XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43668
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
