
Test ID: 1.3.6.1.4.1.25623.1.0.805266
Category: General
Title: Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 Feb 2015 (Windows)
Summary: The host is installed with Oracle Java SE JRE and is prone to multiple unspecified vulnerabilities.
Description:
Summary:
The host is installed with Oracle Java SE
JRE and is prone to multiple unspecified vulnerabilities.

Vulnerability Insight:
Multiple unspecified flaws exist due to:

- An infinite loop in the DER decoder that is triggered when handling negative
length values.

- An error in the RMI component's transport implementation related to incorrect
context class loader use.

- An error in the Swing component's file chooser implementation.

- An error in vm/memory/referenceProcessor.cpp related to handling of phantom
object references in the Hotspot JVM garbage collector.

- An error in the Hotspot JVM related to insecure handling of temporary
performance data files.

- An error in the JSSE component related to improper ChangeCipherSpec tracking
during SSL/TLS handshakes.

- Two out-of-bounds read errors in the layout component that are triggered when
parsing fonts.

Vulnerability Impact:
Successful exploitation will allow attackers
to conduct a denial of service attack, man-in-the-middle attack, potentially
disclose memory contents, remove or overwrite arbitrary files on the system,
disclose certain directory information, bypass sandbox restrictions and
potentially execute arbitrary code.

Affected Software/OS:
Oracle Java SE 5 update 75 and prior, 6
update 85 and prior, 7 update 72 and prior, and 8 update 25 and prior on
Windows.

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
BugTraq ID: 72165
BugTraq ID: 72140
BugTraq ID: 72162
BugTraq ID: 72142
BugTraq ID: 72155
BugTraq ID: 72169
BugTraq ID: 72175
BugTraq ID: 72173
Common Vulnerability Exposure (CVE) ID: CVE-2015-0410
http://www.securityfocus.com/bid/72165
Debian Security Information: DSA-3144
http://www.debian.org/security/2015/dsa-3144
Debian Security Information: DSA-3147
http://www.debian.org/security/2015/dsa-3147
https://security.gentoo.org/glsa/201507-14
HP Security Advisory: HPSBUX03273
http://marc.info/?l=bugtraq&m=142496355704097&w=2
HP Security Advisory: HPSBUX03281
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
HP Security Advisory: SSRT101951
HP Security Advisory: SSRT101968
http://marc.info/?l=bugtraq&m=142607790919348&w=2
RedHat Security Advisories: RHSA-2015:0068
http://rhn.redhat.com/errata/RHSA-2015-0068.html
RedHat Security Advisories: RHSA-2015:0079
http://rhn.redhat.com/errata/RHSA-2015-0079.html
RedHat Security Advisories: RHSA-2015:0080
http://rhn.redhat.com/errata/RHSA-2015-0080.html
RedHat Security Advisories: RHSA-2015:0085
http://rhn.redhat.com/errata/RHSA-2015-0085.html
RedHat Security Advisories: RHSA-2015:0086
http://rhn.redhat.com/errata/RHSA-2015-0086.html
RedHat Security Advisories: RHSA-2015:0136
http://rhn.redhat.com/errata/RHSA-2015-0136.html
RedHat Security Advisories: RHSA-2015:0264
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://www.securitytracker.com/id/1031580
SuSE Security Announcement: SUSE-SU-2015:0336
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
SuSE Security Announcement: SUSE-SU-2015:0503
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
SuSE Security Announcement: openSUSE-SU-2015:0190
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
http://www.ubuntu.com/usn/USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1
XForce ISS Database: oracle-cpujan2015-cve20150410(100151)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100151
Common Vulnerability Exposure (CVE) ID: CVE-2015-0408
http://www.securityfocus.com/bid/72140
https://security.gentoo.org/glsa/201603-14
XForce ISS Database: oracle-cpujan2015-cve20150408(100142)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100142
Common Vulnerability Exposure (CVE) ID: CVE-2015-0407
http://www.securityfocus.com/bid/72162
XForce ISS Database: oracle-cpujan2015-cve20150407(100150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100150
Common Vulnerability Exposure (CVE) ID: CVE-2015-0395
http://www.securityfocus.com/bid/72142
XForce ISS Database: oracle-cpujan2015-cve20150395(100143)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100143
Common Vulnerability Exposure (CVE) ID: CVE-2015-0383
http://www.securityfocus.com/bid/72155
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158791.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158810.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158088.html
XForce ISS Database: oracle-cpujan2015-cve20150383(100148)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100148
Common Vulnerability Exposure (CVE) ID: CVE-2014-6593
http://www.securityfocus.com/bid/72169
https://www.exploit-db.com/exploits/38641/
http://packetstormsecurity.com/files/134251/Java-Secure-Socket-Extension-JSSE-SKIP-TLS.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-6591
http://www.securityfocus.com/bid/72175
Common Vulnerability Exposure (CVE) ID: CVE-2014-6585
http://www.securityfocus.com/bid/72173
Debian Security Information: DSA-3323
http://www.debian.org/security/2015/dsa-3323
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
