Computer Security
[EN] securityvulns.ru
no-pyccku



Oracle Java multiple security vulnerabilities
updated since 24.10.2011
Published:11.11.2011
Source:ORACLE
SecurityVulns ID:11988
Type:library
Level:9/10
Description:Quarterly CPU fixes 20 different vulnerabilities.
Affected:ORACLE : JRE 1.4
 ORACLE : JRE 5
 ORACLE : JRE 6
 ORACLE : JDK 6
 ORACLE : JDK 7
 ORACLE : JRE 7
 ORACLE : JDK 5
 ORACLE : JavaFX 2.0
 ORACLE : JRockit 28.1
CVE:CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.)
 CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.)
 CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.)
 CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.)
 CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.)
 CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.)
 CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.)
 CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.)
 CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.)
 CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.)
 CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.)
 CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.)
 CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original documentdocumentAPPLE, APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 (11.11.2011)
 documentZDI, ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability (31.10.2011)
 documentRoee Hay, DNS Poisoning via Port Exhaustion (24.10.2011)
Discuss:Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru