Page 3 of 17 results (0.005 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. El analizador de archivos de clase en IBM Java v1.4.2 SR13 FP9 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria o un bucle infinito) a través de un campo de atributo de longitud modificada en un archivo de clase, relacionado con la validación de un campo de longitud en el momento equivocado, una vulnerabilidad diferente a CVE-2011-0311. • http://www.redhat.com/support/errata/RHSA-2011-1265.html https://exchange.xforce.ibmcloud.com/vulnerabilities/69641 https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551 https://access.redhat.com/security/cve/CVE-2011-3387 https://bugzilla.redhat.com/show_bug.cgi?id=737128 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 1%CPEs: 30EXPL: 0

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read. El analizador de archivos de clases en IBM Java antes de v1.4.2 SR13 FP9, tal como se utiliza en IBM Runtimes para Java Technology v5.0.0 antes de SR13 y v6.0.0 antes de SR10, permite a usuarios autenticados remotamente provocar una denegación de servicio (fallo de segmentación de JVM, y posiblemente, el consumo de memoria o un bucle infinito) a través de un campo de atributo de longitud modificada en un archivo de clase, lo que provoca una sobrelectura de buffer. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89620 http://www.redhat.com/support/errata/RHSA-2011-1159.html http://www.redhat.com/support/errata/RHSA-2011-1265.html https://exchange.xforce.ibmcloud.com/vulnerabilities/65189 https://www-304.ibm.com/support/docview.wss?uid=i • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Sun Java versión 1.6.0_03 y anteriores, y posiblemente versiones posteriores, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio de una actualización de tipo caballo de Troya, como es demostrado por evilgrade y Envenenamiento de caché DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://securitytracker.com/id?1020584 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. • http://docs.info.apple.com/article.html?artnum=302265 http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.osvdb.org/19397 http://www.securityfocus.com/bid/14827 http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22269 •

CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0

Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. • http://docs.info.apple.com/article.html?artnum=302266 http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.securityfocus.com/bid/14825 http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22262 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •