(HP Issues Fix for HP-UX) Oracle Java SE and Java for Business Multiple Flaws Let Remote Users Execute Arbitrary Code, Access Data, Modify Data, and Deny Service
|
|
SecurityTracker Alert ID: 1025600
|
SecurityTracker URL: http://securitytracker.com/id/1025600
|
|
CVE Reference:
CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475
|
Date: Jun 3 2011
|
Impact:
Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.4.2_29, 5.0 Update 27, 6 Update 23; and prior
|
Description:
Multiple vulnerabilities were reported in Oracle Java SE and Java for Business. A remote user can execute arbitrary code on the target system. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions.
The Deployment, Networking, Launcher, Install, Sound, Swing, JDBC, HotSpot, JAXP, 2D, XML Digital Signature, and Java Language components are affected.
The Security component of JavaDB is also affected.
The following researchers reported these vulnerabilities:
Afik Castiel from Versafe Anti Fraud; Billy Rios of Google; binaryproof via Tipping Point's Zero Day Initiative; binaryproof via iDefense; Dmitri Gribenko; Eduardo Vela Nava of Google; Frederic Hoguin via Tipping Point's Zero Day Initiative; Marc Schoenefeld of Red Hat; Peter Csepely via Tipping Point's Zero Day Initiative; Roee Hay of IBM Rational Application Security Research Group; Sami Koivu via Tipping Point's Zero Day Initiative; Stefano Di Paola of Minded Security; and Tom Hawtin.
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can access and modify data on the target system.
A remote user can cause denial of service conditions.
|
Solution:
HP has issued a fix for HP-UX.
The HP advisory is available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02775276
|
Vendor URL: www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
|
Cause:
Not specified
|
Underlying OS:
UNIX (HP/UX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 03 Jun 2011 04:01:51 +0000
Subject: HPSBUX02685 SSRT100505 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
|
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02775276
CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4452,
CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471,
CVE-2010-4472, CVE-2010-4473, CVE-2010-4475
|