Oracle Java Multiple Vulnerabilities

IRCAD2014043254

Number: IRCAD2014043254
Date: 2014/04/16

Criticality level: Highly critical

 
Software:

Oracle Java JDK 1.5.x / 5.x

Oracle Java JDK 1.6.x / 6.x

Oracle Java JDK 1.7.x / 7.x

Oracle Java JDK 1.8.x / 8.x

Oracle Java JRE 1.5.x / 5.x

Oracle Java JRE 1.6.x / 6.x

Oracle Java JRE 1.7.x / 7.x

Oracle Java JRE 1.8.x / 8.x

Description

Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to manipulate certain data and cause a DoS (Denial of Service), by malicious users to manipulate certain data, and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS, and compromise a vulnerable system.

1) An error within the 2D subcomponent of the client and server deployment can be exploited to execute arbitrary code.

2) An error within the Libraries subcomponent of the client and server deployment can be exploited to execute arbitrary code.

3) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

4) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

5) An error within the JavaFX subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

6) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

7) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

8) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

9) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

10) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

11) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.

12) An error within the AWT subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

13) An error within the AWT subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

14) An error within the JAX-WS subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

15) An error within the JAX-WS subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

16) An error within the JAX-WS subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

17) An error within the JAXB subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

18) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

19) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

20) An error within the Security subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

21) An error within the Sound subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

22) An error within the JavaFX subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.

23) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data.

24) An error within the JNDI subcomponent of the client and server deployment can be exploited to disclose, update, insert, or delete certain data.

25) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

26) An error within the JAXP subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

27) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

28) An error within the Scripting subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

29) An error within the Scripting subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.

30) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause a crash.

31) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.

32) An error within the Security subcomponent of the client and server deployment can be exploited to disclose, update, insert, or delete certain data.

33) An error within the Javadoc subcomponent of the client and server deployment can be exploited to update, insert, or delete certain data.

34) An error within the Libraries subcomponent of the client and server deployment related to the unpack200 tool can be exploited to update, insert, or delete certain data and to cause a crash.

35) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.

The vulnerabilities are reported in the following products:

* JDK and JRE 7 Update 51 and prior

* JDK and JRE 6 Update 71 and prior

* JDK and JRE 5 Update 61 and prior

* JDK and JRE 8
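A version check against the product list above, added here as an example and not part of the original advisory. It assumes the legacy `1.M.0_UU` version strings printed by `java -version`, reads "JDK and JRE 8" as the initial release only, and uses constructed sample hosts.

```python
import re

# Highest affected update per major release, from the advisory's product list.
# Java 8 is listed without an update number, so only the initial release
# (update 0) is treated as affected; that reading is an assumption.
LAST_AFFECTED_UPDATE = {5: 61, 6: 71, 7: 51, 8: 0}

# Legacy scheme: 1.<major>.<minor>[_<update>], e.g. 1.7.0_51 or 1.6.0_45-b06.
_VERSION_RE = re.compile(r'(?<![\d.])1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(text):
    """Return (major, update) from a legacy version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(text):
    """True/False when the advisory covers the release, None when it does not."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    if major not in LAST_AFFECTED_UPDATE:
        return None  # release is not mentioned in the advisory
    return update <= LAST_AFFECTED_UPDATE[major]


def triage(inventory):
    """Map each host in a {host: version_string} dict to a status label."""
    labels = {True: "affected", False: "not listed", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "build01": 'java version "1.7.0_51"',
    "app02": 'java version "1.7.0_55"',
    "legacy03": 'java version "1.6.0_45-b06"',
    "dev04": 'java version "1.8.0"',
    "old05": "no java found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, status)
```

Hosts reported as "unknown" need a manual look, since the string either did not parse or names a release the advisory does not mention.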

Solution:

Apply updates.

Resources:

Secunia: http://secunia.com/advisories/57932/

 

 
Created: 30 Farvardin 1393
