General : Sun Java JRE Multiple Vulnerabilities (Linux)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902168

Categoría: General

Título: Sun Java JRE Multiple Vulnerabilities (Linux)

Resumen: This host is installed with Sun Java Deployment Toolkit and is prone to; multiple vulnerabilities.

Descripción: Summary:
This host is installed with Sun Java Deployment Toolkit and is prone to
multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to an input validation error in 'JRE' that does not
properly validate arguments supplied via 'javaw.exe' before being passed to
a 'CreateProcessA' call, which could allow remote attackers to automatically
download and execute a malicious JAR file hosted on a network.

Vulnerability Impact:
Successful exploitation allows execution of arbitrary code by tricking a user
into visiting a malicious web page.

Affected Software/OS:
Sun Java version 6 Update 19 and prior on Linux.

Solution:
Upgrade to Sun Java version 6 Update 20.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 39492
Common Vulnerability Exposure (CVE) ID: CVE-2010-0886
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216
http://secunia.com/advisories/39819
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1
http://www.vupen.com/english/advisories/2010/1191
Common Vulnerability Exposure (CVE) ID: CVE-2010-0887
Common Vulnerability Exposure (CVE) ID: CVE-2010-1423
CERT/CC vulnerability note: VU#886582
http://www.kb.cert.org/vuls/id/886582
http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html
http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1
http://osvdb.org/63648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090
http://www.securitytracker.com/id?1023840
http://secunia.com/advisories/39260
http://www.vupen.com/english/advisories/2010/0853
XForce ISS Database: jre-toolkit-command-execution(57615)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57615

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902168
Categoría:	General
Título:	Sun Java JRE Multiple Vulnerabilities (Linux)
Resumen:	This host is installed with Sun Java Deployment Toolkit and is prone to; multiple vulnerabilities.
Descripción:	Summary: This host is installed with Sun Java Deployment Toolkit and is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to an input validation error in 'JRE' that does not properly validate arguments supplied via 'javaw.exe' before being passed to a 'CreateProcessA' call, which could allow remote attackers to automatically download and execute a malicious JAR file hosted on a network. Vulnerability Impact: Successful exploitation allows execution of arbitrary code by tricking a user into visiting a malicious web page. Affected Software/OS: Sun Java version 6 Update 19 and prior on Linux. Solution: Upgrade to Sun Java version 6 Update 20. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 39492 Common Vulnerability Exposure (CVE) ID: CVE-2010-0886 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216 http://secunia.com/advisories/39819 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1 http://www.vupen.com/english/advisories/2010/1191 Common Vulnerability Exposure (CVE) ID: CVE-2010-0887 Common Vulnerability Exposure (CVE) ID: CVE-2010-1423 CERT/CC vulnerability note: VU#886582 http://www.kb.cert.org/vuls/id/886582 http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1 http://osvdb.org/63648 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090 http://www.securitytracker.com/id?1023840 http://secunia.com/advisories/39260 http://www.vupen.com/english/advisories/2010/0853 XForce ISS Database: jre-toolkit-command-execution(57615) https://exchange.xforce.ibmcloud.com/vulnerabilities/57615
Copyright	Copyright (C) 2010 Greenbone Networks GmbH