Oracle Java Multiple Vulnerabilities

ID: IRCAD2013102936
Release Date: 2013-10-16
Criticality level: Highly critical
Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.6.x / 6.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JRE 1.5.x / 5.x
Oracle Java JRE 1.6.x / 6.x
Oracle Java JRE 1.7.x / 7.x
Description:
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious users to manipulate certain data and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) An unspecified error within the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code.
2) An unspecified error within the Libraries component of the client and server deployment can be exploited to potentially execute arbitrary code.
3) An unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
4) Another unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
5) An unspecified error within the CORBA component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
6) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
7) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
8) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
9) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
10) An unspecified error within the JNDI component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
11) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
12) An unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
13) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
14) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
15) Another unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
16) An unspecified error within the Swing component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
17) Another unspecified error within the Swing component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
18) An unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
19) Another unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
20) Another unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
21) Another unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
22) An unspecified error within the Deployment component of the client deployment installation process can be exploited to potentially execute arbitrary code.
23) An unspecified error within the JAXP component of the client and server deployment can be exploited to update, insert, or delete some Java accessible data and cause a partial DoS.
24) An unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data and cause a partial DoS.
25) An unspecified error within the Javadoc component in the context of sites running the Javadoc tool as a service and hosting the resulting documentation can be exploited to read, update, insert, or delete some Java accessible data.
26) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of some Java accessible data and cause a partial DoS.
27) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read, update, insert, or delete some Java accessible data.
28) An unspecified error within the Swing component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read, update, insert, or delete some Java accessible data.
29) An unspecified error within the JAXP component of the client and server deployment can be exploited to cause a partial DoS.
30) Another unspecified error within the JAXP component of the client and server deployment can be exploited to cause a partial DoS.
31) An unspecified error within the Security component of the client and server deployment can be exploited to cause a partial DoS.
32) An unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
33) Another unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
34) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
35) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
36) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
37) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
38) An unspecified error within the JAX-WS component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
39) An unspecified error within the JAXP component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
40) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
41) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
42) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
43) An unspecified error within the Libraries component of the client and server deployment can be exploited to read a subset of Java accessible data.
44) An unspecified error within the JGSS component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
45) An unspecified error within the AWT component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
46) An unspecified error within the BEANS component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
47) An unspecified error within the SCRIPTING component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.
48) An unspecified error within the Javadoc component in the context of sites running the Javadoc tool as a service and hosting the resulting documentation can be exploited by authenticated users to update, insert, or delete some Java accessible data.
49) An unspecified error within the jhat component of the jhat developer tool can be exploited to update, insert, or delete some Java accessible data.
50) An unspecified error within the JGSS component of the client and server deployment can be exploited to cause a partial DoS.
51) An unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.
The vulnerabilities are reported in the following products:
* JDK and JRE 7 Update 40 and prior
* JDK and JRE 6 Update 60 and prior
* JDK and JRE 5 Update 51 and prior
Solution
Apply updates.
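
To find which hosts still need the update, the affected ranges listed above can be checked against version banners collected from `java -version`. The following is an added example, not part of the original advisory: the update thresholds come from the product list above, while the function names, host names and sample banners are constructed for illustration.

```python
import re

# Highest affected update per major family, from the advisory's product list.
LAST_AFFECTED_UPDATE = {7: 40, 6: 60, 5: 51}

# Legacy "1.<major>.<minor>[_<update>]" scheme printed by `java -version`
# for the Java 5, 6 and 7 families, e.g. 1.7.0_40 or 1.6.0_60-b05.
VERSION_RE = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(text):
    """Return (major, update) from a version banner, or None if unrecognised."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major = int(m.group(1))
    # A banner without "_NN" (e.g. "1.7.0") is the initial release: update 0.
    update = int(m.group(2)) if m.group(2) else 0
    return major, update


def is_affected(text):
    """True/False for a listed family, None when it cannot be classified."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    limit = LAST_AFFECTED_UPDATE.get(major)
    if limit is None:
        return None  # family not covered by this advisory
    return update <= limit


def triage(inventory):
    """Map host -> 'affected' | 'not affected' | 'unknown' for (host, banner) pairs."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = [
    ("ws-01", 'java version "1.7.0_40"'),
    ("ws-02", 'java version "1.7.0_45"'),
    ("srv-01", 'java version "1.6.0_60-b05"'),
    ("srv-02", 'java version "1.5.0"'),
    ("dev-01", 'openjdk version "11.0.2"'),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as "unknown" use a version scheme or family the advisory does not list and need a manual check.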
References:
Oracle:
Secunia:
http://secunia.com/advisories/55315/

Creation date: 26 Mehr 1392
