Gentoo Linux Security Advisory 201406-32 - Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected.
090fb98b78d165daf38005d744a51c041e7041bc82e7280894ff7c9447061a32Gentoo Linux Security Advisory 201111-2 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impacts. Versions less than 1.6.0.29 are affected.
bdd25e09a3d2a79cb6d767a8541e666e1faf5d0e50b98660a81be4dbc3da723dRed Hat Security Advisory 2011-0880-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. Various other issues were also addressed.
23e57d99b78195d5d080dfd7d6831e809d977086b9839464c667dc791c8b7697HP Security Bulletin HPSBUX02608 SSRT100333 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.
33d41ce683d2244b9cb2ed8bc782c9c762848f2ce03638f2d726f4593e82eabeUbuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.
dbf842de06300f7667099150cb0e617a4a3656e900e4a73d6bc01c5ed06a9df2Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin (SOP) policy and domain based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. This advisory includes a Proof-of-Concept (PoC) demo and Java Applet source code. This demonstrates how the security vulnerability can be exploited to leak cookie information to an unauthorised domain, which resides on the same host IP address.
4dcd25f8fbcc43667adcc8e79c63a682a5cf651dd1ff009fd78b5a68c1584959The Oracle JRE - java.net.URLConnection class - suffers from a same-of-origin (SOP) policy bypass vulnerability. Malicious java applet proof of concept code included.
684e4a423891f26208272a79e0c2ad2eaf32f462ca567e478c4c7e944d297158
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed