فا

‫ Oracle Java Multiple Vulnerabilities

IRCAD2014073410

ID: IRCAD2014073410

Release Date: 2014-07-16

Criticality level: Highly critical

Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.6.x / 6.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JDK 1.8.x / 8.x
Oracle Java JRE 1.5.x / 5.x
Oracle Java JRE 1.6.x / 6.x
Oracle Java JRE 1.7.x / 7.x
Oracle Java JRE 1.8.x / 8.x
Description:

Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

1) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

2) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

3) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

4) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

5) An error within the JavaFX subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

6) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

7) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

8) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

9) An error within the JMX subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data.

10) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.

11) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.

12) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.

13) An error within the Security subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

14) An error within the Serviceability subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.

15) An error within the Swing subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

16) An error within the Security subcomponent of the client and server deployment can be exploited to cause a crash.

17) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

18) An error within the Security subcomponent of client and server deployments can be exploited to disclose, update, insert, or delete certain data.

19) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.

The vulnerabilities are reported in the following products:

* JDK and JRE 5 Update 65 and prior

* JDK and JRE 6 Update 75 and prior

* JDK and JRE 7 Update 60 and prior

* JDK and JRE 8 Update 5 and prior

Solution

Apply update.

References:
Secunia:

http://secunia.com/advisories/59501/


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 30 تیر 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0