
Oracle Java Multiple Vulnerabilities

ID: IRCAD2015013697
Release Date: 2015-01-20
Criticality level: Highly critical
Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.6.x / 6.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JDK 1.8.x / 8.x
Oracle Java JRE 1.5.x / 5.x
Oracle Java JRE 1.6.x / 6.x
Oracle Java JRE 1.7.x / 7.x
Oracle Java JRE 1.8.x / 8.x
Description:
A security issue and multiple vulnerabilities have been reported in Oracle Java. Malicious local users can exploit them to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and perform certain actions with escalated privileges. Malicious people can exploit them to disclose sensitive information, manipulate certain data, cause a DoS, and compromise a user's system.
1) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
2) An error within the JAX-WS subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
3) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
4) An error within the RMI subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
5) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
6) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
7) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets by local users to gain escalated privileges.
8) An error within the Install subcomponent of the client and server deployment can be exploited by local users to gain escalated privileges.
9) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data and to cause a crash.
10) An error within the Hotspot subcomponent of the client and server deployment can be exploited to update, insert, or delete certain data and to cause a crash.
11) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
12) An error within the Swing subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
13) An error within the Security subcomponent of the client and server deployment can be exploited to cause a crash.
14) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.
15) An error related to SSL version 3.0 CBC encryption block cipher padding.
16) An error within the JSSE subcomponent of the client and server deployment can be exploited to disclose, update, insert, or delete certain data.
17) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
18) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
19) An error within the Serviceability subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
The vulnerabilities are reported in the following products:
* JDK and JRE 5 Update 75 and prior
* JDK and JRE 6 Update 85 and prior
* JDK and JRE 7 Update 72 and prior
* JDK and JRE 8 Update 25 and prior
Solution:
Apply update.
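To find which hosts need the update, the product list above can be turned into a version check. The following is an added example, not part of the original advisory: the function names and the sample inventory are constructed, and it assumes the legacy `1.<major>.0_<update>` version string that `java -version` prints for these releases.

```python
import re

# Last affected update per major release, taken from the advisory's product list.
LAST_AFFECTED_UPDATE = {5: 75, 6: 85, 7: 72, 8: 25}

# Legacy "1.<major>.<minor>[_<update>]" scheme; the lookbehind stops a match
# from starting inside a longer number such as "11.0.2".
_VERSION_RE = re.compile(r"(?<![\d.])1\.(\d+)\.\d+(?:_(\d+))?")


def parse_java_version(text):
    """Return (major, update) from a version string or `java -version` line, else None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A release with no "_<update>" suffix is the initial release (update 0).
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(text):
    """True if inside the advisory's ranges, False if a listed major release
    is newer than its range, None if unparseable or the major is not listed."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    limit = LAST_AFFECTED_UPDATE.get(major)
    if limit is None:
        return None
    return update <= limit


def audit(inventory):
    """Return the hosts whose reported Java version falls in an affected range."""
    return [host for host, line in inventory if is_affected(line) is True]


# Constructed sample inventory: (host, first line of `java -version` output).
SAMPLE_INVENTORY = [
    ("ws-01", 'java version "1.7.0_72"'),
    ("ws-02", 'java version "1.8.0_25"'),
    ("ws-03", 'java version "1.8.0_31"'),
    ("srv-01", 'java version "1.6.0_45"'),
    ("srv-02", "java: command not found"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: affected, apply update")
```

A `False` result only means the version is outside the ranges listed in this advisory, and a `None` result should be reviewed by hand rather than treated as safe.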

Created: 5 Bahman 1393
