CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3387 – java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9
https://notcve.org/view.php?id=CVE-2011-3387
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. El analizador de archivos de clase en IBM Java v1.4.2 SR13 FP9 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria o un bucle infinito) a través de un campo de atributo de longitud modificada en un archivo de clase, relacionado con la validación de un campo de longitud en el momento equivocado, una vulnerabilidad diferente a CVE-2011-0311. • http://www.redhat.com/support/errata/RHSA-2011-1265.html https://exchange.xforce.ibmcloud.com/vulnerabilities/69641 https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551 https://access.redhat.com/security/cve/CVE-2011-3387 https://bugzilla.redhat.com/show_bug.cgi?id=737128 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3440
https://notcve.org/view.php?id=CVE-2008-3440
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Sun Java versión 1.6.0_03 y anteriores, y posiblemente versiones posteriores, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio de una actualización de tipo caballo de Troya, como es demostrado por evilgrade y Envenenamiento de caché DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://securitytracker.com/id?1020584 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2527
https://notcve.org/view.php?id=CVE-2005-2527
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. • http://docs.info.apple.com/article.html?artnum=302266 http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.securityfocus.com/bid/14825 http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22262 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •