Page 61 of 358 results (0.007 seconds)

CVSS: 7.5EPSS: 3%CPEs: 61EXPL: 0

CVE-2009-2672 – OpenJDK Proxy mechanism information leaks (6801071)

https://notcve.org/view.php?id=CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. El mecanismo proxy implementado en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior Update v15, y JDK y JRE v5.0 anterior Update v20, no previene el acceso a las cookies del buscador por (1) applets y (2) aplicaciones Java Web Start no confiables, que permiten a atacantes remotos secuestrar las sesiones web a través de vectores no especificados. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 2%CPEs: 61EXPL: 0

CVE-2009-2673 – OpenJDK proxy mechanism allows non-authorized socket connections (6801497)

https://notcve.org/view.php?id=CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. El mecanismo proxy implementado en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anteriores Update v15, y JDK y JRE v5.0 anteriores Update v20, permite a atacantes remotos evitar las restricciones de acceso previstas y conectarse a sitios a su elección a través de vectores no especificados, relacionados con una declaración que carece de clave final. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://osvdb.org/56785 http&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 2%CPEs: 138EXPL: 0

CVE-2009-2676 – JRE applet launcher vulnerability

https://notcve.org/view.php?id=CVE-2009-2676

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. Vulnerabilidad no especificada en JNLPAppletlauncher en Sun Java SE, y SE Business, en JDK y JRE 6v Update v14 y anteriores y JDK y JRE v5.0 Update v19 y anteriores; y Java SE para Business de SDK y JRE v1.4.2_21 y anteriores, permiten a atacantes remotos crear o modificar un fichero a su elección a través de un vector relacionado con un applet Java no confiable. • http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://osvdb.org/56789 http://secunia.com/advisories/36176 http://secunia.com/advisories/36199 http://secunia.com/advisories/36248 http://secunia.com/advisories/37300 http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-2009 •

CVSS: 10.0EPSS: 3%CPEs: 61EXPL: 0

CVE-2009-2675 – Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2009-2675

Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. Un desbordamiento de enteros en la utilidad unpack200 en Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 anterior a Update 15, y JDK y JRE versión 5.0 anterior a Update 20, permite a los atacantes dependiendo del contexto alcanzar privilegios por medio de campos de longitud no especificados en el encabezado de un archivo JAR comprimido de Pack200-, que conlleva a un desbordamiento del búfer en la región heap de la memoria durante la descompresión. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file. The specific flaw exists within the code responsible for handling Pack200 compressed JAR files. During decompression, several fields within a Pack200 header are trusted and used to calculate sizes for heap buffer allocations. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=814 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http: • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 3%CPEs: 173EXPL: 2

CVE-2009-1190

https://notcve.org/view.php?id=CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540. Una vulnerabilidad de complejidad algorítmica en el método java.util.regex.Pattern.compile en Sun Java Development Kit (JDK) antes de la versión 1.6, cuando se utiliza con spring.jar en la plataforma SpringSource Spring Framework v1.1.0 a la v2.5.6 y v3.0.0.M1 a y v3.0.0.M2 y dm Server v1.0.0 a v1.0.2, permite a atacantes remotos provocar una denegación de servicio (mediante un excesivo consumo de CPU) a través de datos serializables con una cadena regex demasiado larga que almacene multiples grupos opcionales. Vulnerabilidad relacionada con la CVE-2004-2540. • http://secunia.com/advisories/34892 http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf http://www.securityfocus.com/archive/1/502926/100/0/threaded http://www.springsource.com/securityadvisory https://bugzilla.redhat.com/show_bug.cgi?id=497161 https://exchange.xforce.ibmcloud.com/vulnerabilities/50083 • CWE-399: Resource Management Errors •