Oracle Java Multiple Vulnerabilities

ID: IRCAD2015043882
Release Date: 2015-04-15
Criticality level: Highly critical
Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.6.x / 6.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JDK 1.8.x / 8.x
Oracle Java JRE 1.5.x / 5.x
Oracle Java JRE 1.6.x / 6.x
Oracle Java JRE 1.7.x / 7.x
Oracle Java JRE 1.8.x / 8.x
Description:
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.
1) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
2) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
3) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
4) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
5) An error within the JavaFX subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
6) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
7) An error within the JavaFX subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.
8) An error within the Tools subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data and to cause a crash.
9) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
10) An error within the JSSE subcomponent of the client and server deployment can be exploited to cause a crash.
11) An error within the Beans subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
12) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
13) An error within the JCE subcomponent of the client and server deployment can be exploited to disclose certain data.
14) An error exists within the JSSE subcomponent of the client and server deployment.
The vulnerabilities are reported in the following products:
* JDK and JRE 5 Update 81 and prior
* JDK and JRE 6 Update 91 and prior
* JDK and JRE 7 Update 76 and prior
* JDK and JRE 8 Update 40 and prior
Solution:
Apply update.
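To find installations that fall in the affected ranges listed above, the check below parses `java -version` output and compares the update number against the advisory's "Update N and prior" limits. It is an added example, not part of the original advisory; the function names and the sample inventory are hypothetical, and it assumes the legacy `1.<major>.0_<update>` version string format.

```python
import re

# Highest affected update per major release, from the advisory's list
# ("JDK and JRE <major> Update <N> and prior").
LAST_AFFECTED_UPDATE = {5: 81, 6: 91, 7: 76, 8: 40}

# Legacy version strings: 1.8.0_40, 1.7.0_76-b13, 1.6.0 (no update suffix).
_VERSION_RE = re.compile(r"\b1\.(\d+)\.\d+(?:_(\d+))?")


def parse_java_version(text):
    """Return (major, update) from a version string or `java -version` output.

    Returns None when no legacy 1.x.y[_u] version string is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    update = int(m.group(2)) if m.group(2) else 0  # "1.6.0" means update 0
    return int(m.group(1)), update


def is_affected(text):
    """True/False for releases the advisory lists, None if it cannot tell."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    limit = LAST_AFFECTED_UPDATE.get(major)
    if limit is None:
        return None  # release line not covered by this advisory
    return update <= limit


def affected_hosts(inventory):
    """Return sorted host names whose reported Java version is affected."""
    return sorted(h for h, out in inventory.items() if is_affected(out))


# Constructed sample data: host name -> captured `java -version` output.
SAMPLE_INVENTORY = {
    "build-01": 'java version "1.8.0_40"\nJava(TM) SE Runtime Environment (build 1.8.0_40-b25)',
    "app-02": 'java version "1.7.0_79"',
    "legacy-03": 'java version "1.6.0_45"',
    "new-04": 'java version "11.0.2"',
}

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```

A `None` result means the version string is outside what the advisory covers or could not be parsed, so those hosts need a manual look rather than being treated as unaffected.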
References:
Secunia:
 

Created: 6 Ordibehesht 1394
