English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61722
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0906
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0906.

The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw was found in the Java Management Extensions (JMX) management agent.
When local monitoring is enabled, remote attackers could use this flaw to
perform illegal operations. (CVE-2008-3103)

Several flaws involving the handling of unsigned applets were found. A
remote attacker could misuse an unsigned applet in order to connect to
services on the host running the applet. (CVE-2008-3104)

Several flaws in the Java API for XML Web Services (JAX-WS) client and the
JAX-WS service implementation were found. A remote attacker who could cause
malicious XML to be processed by an application could access URLs, or cause
a denial of service. (CVE-2008-3105, CVE-2008-3106)

Several flaws within the Java Runtime Environment (JRE) scripting support
were found. A remote attacker could grant an untrusted applet extended
privileges, such as reading and writing local files, executing
local programs, or querying the sensitive data of other applets.
(CVE-2008-3109, CVE-2008-3110)

A flaw in Java Web Start was found. Using an untrusted Java Web
Start application, a remote attacker could create or delete arbitrary
files with the permissions of the user running the untrusted application.
(CVE-2008-3112)

A flaw in Java Web Start when processing untrusted applications was found.
An attacker could use this flaw to acquire sensitive information, such as
the location of the cache. (CVE-2008-3114)

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR2 Java release, which resolves these
issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0906.html
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3103
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
BugTraq ID: 30146
http://www.securityfocus.com/bid/30146
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and (Google Search)
http://marc.info/?l=bugtraq&m=122331139823057&w=2
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (Google Search)
http://www.securityfocus.com/archive/1/497041/100/0/threaded
Cert/CC Advisory: TA08-193A
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10920
http://www.redhat.com/support/errata/RHSA-2008-0594.html
http://www.redhat.com/support/errata/RHSA-2008-0595.html
http://www.redhat.com/support/errata/RHSA-2008-0891.html
http://www.redhat.com/support/errata/RHSA-2008-0906.html
http://www.redhat.com/support/errata/RHSA-2008-1044.html
http://www.redhat.com/support/errata/RHSA-2008-1045.html
RedHat Security Advisories: RHSA-2009:0466
https://rhn.redhat.com/errata/RHSA-2009-0466.html
http://www.securitytracker.com/id?1020458
http://secunia.com/advisories/31010
http://secunia.com/advisories/31055
http://secunia.com/advisories/31497
http://secunia.com/advisories/31600
http://secunia.com/advisories/32018
http://secunia.com/advisories/32179
http://secunia.com/advisories/32180
http://secunia.com/advisories/32394
http://secunia.com/advisories/32436
http://secunia.com/advisories/32437
http://secunia.com/advisories/33237
http://secunia.com/advisories/33238
http://secunia.com/advisories/34972
http://secunia.com/advisories/37386
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
SuSE Security Announcement: SUSE-SA:2008:042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
SuSE Security Announcement: SUSE-SR:2008:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://www.vupen.com/english/advisories/2008/2056/references
http://www.vupen.com/english/advisories/2008/2740
XForce ISS Database: sun-jmx-security-bypass(43669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43669
Common Vulnerability Exposure (CVE) ID: CVE-2008-3104
BugTraq ID: 30140
http://www.securityfocus.com/bid/30140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565
http://www.redhat.com/support/errata/RHSA-2008-0790.html
RedHat Security Advisories: RHSA-2008:0955
http://rhn.redhat.com/errata/RHSA-2008-0955.html
http://www.redhat.com/support/errata/RHSA-2008-1043.html
http://www.securitytracker.com/id?1020459
http://secunia.com/advisories/31269
http://secunia.com/advisories/31320
http://secunia.com/advisories/31736
http://secunia.com/advisories/32826
http://secunia.com/advisories/33194
http://secunia.com/advisories/33236
http://secunia.com/advisories/35065
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
SuSE Security Announcement: SUSE-SA:2008:043 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:045 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
XForce ISS Database: sun-jre-unspecified-security-bypass(43662)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43662
Common Vulnerability Exposure (CVE) ID: CVE-2008-3105
http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
BugTraq ID: 30143
http://www.securityfocus.com/bid/30143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11274
http://www.securitytracker.com/id?1020457
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
XForce ISS Database: sun-jre-jaxws-unauth-access(43654)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43654
XForce ISS Database: sun-jre-xml-dos(43657)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43657
Common Vulnerability Exposure (CVE) ID: CVE-2008-3106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866
XForce ISS Database: sun-jre-xml-unauth-access(43658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43658
Common Vulnerability Exposure (CVE) ID: CVE-2008-3109
BugTraq ID: 30144
http://www.securityfocus.com/bid/30144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540
http://www.securitytracker.com/id?1020456
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
XForce ISS Database: sun-jre-scripting-unauth-access(43660)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43660
Common Vulnerability Exposure (CVE) ID: CVE-2008-3110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10734
XForce ISS Database: sun-jre-scripting-info-disclosure(43661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43661
Common Vulnerability Exposure (CVE) ID: CVE-2008-3112
BugTraq ID: 30148
http://www.securityfocus.com/bid/30148
http://www.zerodayinitiative.com/advisories/ZDI-08-042/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102
http://www.securitytracker.com/id?1020452
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
XForce ISS Database: sun-javawebstart-file-create(43666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43666
Common Vulnerability Exposure (CVE) ID: CVE-2008-3114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755
XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43668
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.