CVE-2007-5232 – Security Vulnerability in Java Runtime Environment With Applet Caching
https://notcve.org/view.php?id=CVE-2007-5232
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 y anteriores, SDK y JRE 1.4.2_15 y earlier, y SDK y JRE 1.3.1_20 y anteriores, cuando applet caching está activo, permite a atacantes remotos violar el modelo de seguridad para conexiones de salida del applet a través de un ataque de recinvulación del DNS. • http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf http://dev2dev.bea.com/pub/advisory/272 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html htt •
CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4381
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos privilegios por si mismo. • https://www.exploit-db.com/exploits/30502 http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/26402 http://secunia.com/advisories/26631 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27716 http://secunia. •
CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
https://notcve.org/view.php?id=CVE-2007-3922
Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores , 6 hasta 6 Update 1, y SDK y JRE 1.4.2_14 y versiones anteriores, permite a atacantes remotos romper el modelo de seguridad en las conexiones salientes de un applet al conectarse a determinados servicios localhost ejecutándose en la máquina que cargó el applet. • http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://secunia.com/advisories/26314 http://secunia.com/advisories/26369 http://secunia.com/advisories/26631 http://secunia.com/advisories/26645 http://secunia.com/advisories/26933 http://secunia.com/advisories/27266 http://secunia.com •
CVE-2007-3504
https://notcve.org/view.php?id=CVE-2007-3504
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión 5.0 Update 11 y anteriores, y Java Web Start en SDK y JRE versión 1.4.2_13 y anteriores, para Windows, permite a atacantes remotos realizar acciones no autorizadas por medio de una aplicación que otorga privilegios de sobrescritura de archivos a sí mismo. NOTA: esto puede ser aprovechado para ejecutar código arbitrario sobrescribiendo un archivo .java.policy. • http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://osvdb.org/37755 http://secunia.com/advisories/25823 http://secunia.com/advisories/28115 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1 http://www.securityfocus.com/archive/1/472673/100/0/threaded http://www.securityfocus.com/bid/24695 http://www.securitytracker.com/id?1018328 http://www.vupen.com/english/advisories/2007/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-2788 – Sun Java JDK 1.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2788
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. Un desbordamiento de enteros en el analizador de imagen de perfil ICC integrado en Sun Java Development Kit (JDK) versiones anteriores a 1.5.0_11-b03 y versiones 1.6.x anteriores a 1.6.0_01-b06, y Sun Java Runtime Environment en JDK y JRE versión 6, JDK y JRE versión 5.0 Update 10 y anteriores, SDK y JRE versión 1.4.2_14 y anteriores, y SDK y JRE versión 1.3.1_20 y anteriores, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de JVM) por medio de un archivo JPEG o BMP diseñado que desencadena un desbordamiento de búfer. • https://www.exploit-db.com/exploits/30043 http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.vmware.com/pipermail/security-announce/2008/000003.html http://scary.beasts.org/security/CESA-2006-004.html http://secunia.com/advisories/25295 http://secunia.com/advisories/25474 http://secunia.com/advisories/25832 http://secunia.com/advisories/26049 http: • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •