
Vigil@nce: Java JDK/JRE/SDK, several vulnerabilities

July 2008 by Vigil@nce

Several vulnerabilities were announced in Java JDK/JRE/SDK.

 Gravity: 4/4
 Consequences: user access/rights, data reading, data
 creation/edition
 Provenance: document
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 09/07/2008
 Identifier: VIGILANCE-VUL-7943

IMPACTED PRODUCTS

 Fedora [confidential versions]
 Java JRE/JDK [confidential versions]
 Java JRE/JDK/J2SE [confidential versions]
 Java JRE/SDK [confidential versions]
 Java JRE/SDK/J2SE [confidential versions]

DESCRIPTION

Several vulnerabilities were announced in Java JDK/JRE/SDK.

An attacker can use XML data to access some resources.
[grav:1/4; 238628, 6542088, 6607339]

A malicious applet/application can use a character font to execute
code on the system. [grav:4/4; 238666, 6450319]

A malicious applet/application can use the script language to
execute code on the system. [grav:4/4; 238687, 6529568, 6529579]

Several vulnerabilities in Java Web Start can be used by an
attacker to execute code, to access files or to obtain
information. [grav:3/4; 238905, 6557220, 6703909, 6704074, 6704077]

A JMX (Java Management Extensions) client can perform unauthorized
operations when local monitoring (sun.management.JMXConnectorServer.address)
is enabled. [grav:2/4; 238965, 6332953]

Since JRE version 5.0 Update 6, an applet always runs on the latest
JRE version. However, if an old version is installed, this
potentially vulnerable version is used. [grav:1/4; 238966, 6581221]

A malicious applet/application can execute code on the system.
[grav:4/4; 238967, 6661918]

A malicious Java applet can open a TCP/UDP socket connection to a
chosen IP address. [grav:2/4; 238968, 6687392]

CHARACTERISTICS

 Identifiers: 238628, 238666, 238687, 238905, 238965, 238966,
238967, 238968, 6332953, 6450319, 6529568, 6529579, 6542088,
6557220, 6581221, 6607339, 6661918, 6687392, 6703909, 6704074,
6704077, FEDORA-2008-6271, VIGILANCE-VUL-7943
 Url: https://vigilance.aql.fr/tree/1/7943

