
Java Development Kit

[security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.

References: CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.10 or earlier

[security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities

Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.

References: CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.09 or earlier

[security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities

Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.

References: CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2009-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.09 or earlier

[security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.

References: CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0872, CVE-2011-0873.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.11 or earlier

TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution

TSL ID: TSL20120214-01

1. Affected Software

    Oracle Java Development Kit (JDK) 6 Update 30 and prior
    Oracle Java Development Kit (JDK) 7 Update 2 and prior
    Oracle JavaFX 2.0.2 and prior
    Oracle Java Runtime Environment (JRE) 6 Update 30 and prior
    Oracle Java Runtime Environment (JRE) 7 Update 2 and prior


[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)

Hotfixes

Customers can request the following hotfixes by contacting the normal HP Services support channel.

NNMi Version    JDK      Hotfix Number
NNMi 9.0x       JDK b    QCCR1B87492

[security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).

References: SUN ALERT ID: 270474 (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,


[security bulletin] HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities

Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.

References: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier

[security bulletin] HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities

Potential Security Impact: Multiple remote vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS)

References: SUNALERT ID: 244988 (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344), 246387 (CVE-2008-5345), 246366 (CVE-2008-5347), 246346 (CVE-2008-5348), 246266 (CVE-2008-5350), 245246 (CVE-2008-5351), 244991 (CVE-2008-5353), 244990 (CVE-2008-5354), 244987 (CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359), 244986 (CVE-2008-5360)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier 

[ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in IBM Java Development Kit
(JDK) and Java Runtime Environment (JRE), resulting in the execution of
arbitrary code.

Background
==========

[security bulletin] HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities

Potential Security Impact: Remote execution of arbitrary code and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).

References: SUN ALERT ID: 
254569 (CVE-2009-1093, CVE-2009-1094), 
254570 (CVE-2009-1095, CVE-2009-1096), 
254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 

[security bulletin] HPSBUX02429 SSRT090058 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities

Potential Security Impact: Remote execution of arbitrary code and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).

References: SUN ALERT ID: 246286 (CVE-2008-5349), 254569 (CVE-2009-1093, CVE-2009-1094), 254570 (CVE-2009-1095, CVE-2009-1096), 254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 254608 (CVE-2009-1100), 254609 (CVE-2009-1101), 254610 (CVE-2009-1102), 254611 (CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107).

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier 

[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities

Potential Security Impact: Remote Increase in privilege, Denial of Service and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).

References: SUN ALERT ID: 263429 (CVE-2009-0217), 263489 (CVE-2009-2625), 263408 (CVE-2009-2670), 263409 (CVE-2009-2671), 263409 (CVE-2009-2672), 263409 (CVE-2009-2673), 263428 (CVE-2009-2674), 263488 (CVE-2009-2675), 263490 (CVE-2009-2676).

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.04 or earlier

[ GLSA 200911-02 ] Sun JDK/JRE: Multiple vulnerabilities

attacks, including the remote execution of arbitrary code.

Background
==========

The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
(JRE) provide the Sun Java platform.

Affected packages
=================


[ GLSA 201006-18 ] Oracle JRE/JDK: Multiple vulnerabilities

vulnerabilities.

Background
==========

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).

Affected packages
=================

[security bulletin] HPSBUX02284 SSRT071483 rev.2 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01234533
Version: 2

HPSBUX02284 SSRT071483 rev.2 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-11-14
Last Updated: 2007-11-14

[security bulletin] HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01234533
Version: 4

HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-11-19
Last Updated: 2007-12-19

[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)

Hotfixes

Customers can request the following hotfixes by contacting the normal HP Services support channel.

NNMi Version
 JDK
 Hotfix Number
 Operating System

NNMi 8.1x
 JDK b

Untrusted Java applet can connect to localhost

Name: Untrusted Java applet can connect to localhost
Release Date: 29 October 2007
Reference: NGS00443
Discover: John Heasman <john@ngssoftware.com>
Vendor: Sun Microsystems
Systems Affected: JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0
Update 11 and earlier, SDK and JRE 1.4.2_14 and earlier
Risk: Medium
Status: Published

========

[ GLSA 200804-20 ] Sun JDK/JRE: Multiple vulnerabilities

Synopsis
========

Multiple vulnerabilities have been identified in Sun Java Development
Kit (JDK) and Java Runtime Environment (JRE).

Background
==========

The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment

VUPEN Security Research - Sun Java JDK/JRE Unpack200 Buffer Overflow Vulnerability

VUPEN Security Research - Sun Java JDK/JRE Unpack200 Buffer Overflow 
Vulnerability

http://www.vupen.com/english/research.php


I. BACKGROUND
---------------------

"Java is a programming language and computing platform released by

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index 
Vulnerability

http://www.vupen.com/english/research.php


I. BACKGROUND
---------------------

"Java is a programming language and computing platform released by

[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities

allowing attackers to cause unspecified impact.

Background
==========

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).

Affected packages
=================

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer Vulnerability

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer 
Vulnerability

http://www.vupen.com/english/research.php


I. BACKGROUND
---------------------

"Java is a programming language and computing platform released by

CVE-2008-2086: Java Web Start File Inclusion via System Properties Override

Version 1.6.0_05 on Windows did not appear to be vulnerable.  However,
Sun recommends that any installations with the following versions be
updated:

    * JDK and JRE 6 Update 10 and earlier
    * JDK and JRE 5.0 Update 16 and earlier
    * SDK and JRE 1.4.2_18 and earlier

Sun reports that JRE 1.3.x is not affected, nor is JRE 6 Update 7 for
Intel Itanium.  For more information on versions affected and updates,

[security bulletin] HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS)

RESOLUTION

HP has made the following software tool available to resolve the vulnerability.

The FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE). This tool can be used to update all versions of HP-UX Java.

To download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool

An HP Passport user ID is required to download the FPUpdater tool and its Readme file. For information on registering for an HP Passport user ID, refer to: https://passport2.hp.com


[security bulletin] HPSBUX02641 SSRT100412 rev.1 - HP OpenView Network Node Manager (OV NNM) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)

RESOLUTION

HP has made the following software tool available to resolve the vulnerability.

The FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE). This tool can be used to update all versions of HP-UX Java.

To download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool

Note: Before running the FPUpdater tool set the shell environment variable JRE_HOME as follows:


[security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS)

RESOLUTION

HP has made the following software tool available to resolve the vulnerability.

The FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE) for Java v 1.4-x, v 5.0-x, and v 6.0-x.

To download the FPUpdater tool, go to http://h18012.www1.hp.com/java/alpha/fpupdater_index.html

HISTORY
Version:1 (rev.1) - 5 May 2011 Initial release

CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability

Vendor: SpringSource

Versions Affected:
Spring Framework 1.1.0-2.5.6, 3.0.0.M1-3.0.0.M2
dm Server 1.0.0-1.0.2 (note 2.x not affected since dm Server 2.x requires a 1.6 JDK)

Description:
The j.u.r.Pattern.compile method in Sun 1.5 JDK has a problem ([1],[2]) with exponential compilation times, when using optional groups. A workaround [3] was implemented in 1.4.2_06 but the root cause of poor performance in regex processing was not resolved until JDK 1.6.
JdkRegexpMethodPointcut calls Pattern.compile(source[i]); via its inherited readObject method (from AbstractRegexpMethodPointcut). When a Sun JVM 1.5 driven application with spring.jar in its classpath accepts serializable data, an attacker could use a long regex string with many optional groups to consume enormous CPU resources. With a few requests, all listeners will be occupied with compiling regex expressions forever.


[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS)

RESOLUTION

HP has made the following software tool available to resolve the vulnerability.

The FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE) for Java v 1.4-x.

To download the FPUpdater tool, go to http://h18012.www1.hp.com/java/alpha/fpupdater_index.html

HISTORY
Version:1 (rev.1) - 5 May 2011 Initial release
