(HP Issues Fix for Network Node Manager i) Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service
SecurityTracker Alert ID: 1027255
SecurityTracker URL: http://securitytracker.com/id/1027255
CVE Reference: CVE-2011-3563, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0508
Date: Jul 17 2012
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 9.1x
Description:
Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. HP Network Node Manager i (NNMi) is affected.
A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java 2D [CVE-2012-0497, CVE-2012-0498, CVE-2012-0499], deploy [CVE-2012-0500], and install [CVE-2012-0504] components are affected.
JavaFX is also affected [CVE-2012-0508].
A remote user can partially access and modify data and partially deny service on the target system. The I18n [CVE-2012-0503] and serialization [CVE-2012-0505] components are affected.
A remote user can partially access data and partially deny service on the target system. The AWT [CVE-2012-0502] and sound [CVE-2011-3563] components are affected.
A remote user can cause partial denial of service conditions on the target system. The JRE component is affected [CVE-2012-0501].
A remote user can partially modify data on the target system. The CORBA component is affected [CVE-2012-0506].
A remote user can partially access and modify data and partially deny service on the target system [CVE-2012-0507]. The Concurrency component is affected.
The following researchers reported these vulnerabilities:
Alin Rad Pop (binaryproof) via TippingPoint's Zero Day Initiative; an Anonymous Reporter via iDefense; an Anonymous Reporter of TippingPoint's Zero Day Initiative; TELUS Security Labs; Chris Ries via TippingPoint; Doug Lea of OSWEGO State University of New York; Jeroen Frijters; Peter Vreugdenhil of TippingPoint DVLabs; and Timo Warns of PRESENSE Technologies.
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
Solution:
HP has issued a fix for NNMi running JDK.
The HP advisory is available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03358587
Cause:
Not specified
Underlying OS:
Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
Message History:
This archive entry is a follow-up to the message listed below.