Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0906

The remote host is missing updates announced in
advisory RHSA-2008:0906.

The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw was found in the Java Management Extensions (JMX) management agent.
When local monitoring is enabled, remote attackers could use this flaw to
perform illegal operations. (CVE-2008-3103)

Several flaws involving the handling of unsigned applets were found. A
remote attacker could misuse an unsigned applet in order to connect to
services on the host running the applet. (CVE-2008-3104)

Several flaws in the Java API for XML Web Services (JAX-WS) client and the
JAX-WS service implementation were found. A remote attacker who could cause
malicious XML to be processed by an application could access URLs, or cause
a denial of service. (CVE-2008-3105, CVE-2008-3106)

Several flaws within the Java Runtime Environment (JRE) scripting support
were found. A remote attacker could grant an untrusted applet extended
privileges, such as reading and writing local files, executing
local programs, or querying the sensitive data of other applets.
(CVE-2008-3109, CVE-2008-3110)

A flaw in Java Web Start was found. Using an untrusted Java Web
Start application, a remote attacker could create or delete arbitrary
files with the permissions of the user running the untrusted application.

A flaw in Java Web Start when processing untrusted applications was found.
An attacker could use this flaw to acquire sensitive information, such as
the location of the cache. (CVE-2008-3114)

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR2 Java release, which resolves these

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3103
BugTraq ID: 30146
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and (Google Search)
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (Google Search)
Cert/CC Advisory: TA08-193A
RedHat Security Advisories: RHSA-2009:0466
SuSE Security Announcement: SUSE-SA:2008:042 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:022 (Google Search)
XForce ISS Database: sun-jmx-security-bypass(43669)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3104
BugTraq ID: 30140
RedHat Security Advisories: RHSA-2008:0955
SuSE Security Announcement: SUSE-SA:2008:043 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:045 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:028 (Google Search)
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
XForce ISS Database: sun-jre-unspecified-security-bypass(43662)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3105
BugTraq ID: 30143
XForce ISS Database: sun-jre-jaxws-unauth-access(43654)
XForce ISS Database: sun-jre-xml-dos(43657)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3106
XForce ISS Database: sun-jre-xml-unauth-access(43658)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3109
BugTraq ID: 30144
XForce ISS Database: sun-jre-scripting-unauth-access(43660)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3110
XForce ISS Database: sun-jre-scripting-info-disclosure(43661)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3112
BugTraq ID: 30148
XForce ISS Database: sun-javawebstart-file-create(43666)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3114
XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668)
CopyrightCopyright (c) 2008 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.