CVE-2010-4466 – Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability
https://notcve.org/view.php?id=CVE-2010-4466
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v23 y anteriores para Windows, Solaris, y, Linux; v5.0 Update v27 y anteriores para Windows; y v1.4.2_29 y anteriores para Windows permite a aplicaciones remotas Java Web Start no confiables y Java applets no confiables vulnerar la confidencialidad a través de vectores desconocidos relacionados con Deployment. This vulnerability allows remote attackers to leak authentication details on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of NTLM authentication requested generated in the context of the Java Runtime. The Java Virtual Machine will ignore browser policies and respond to WWW-Authenticate requests from the Internet zone resulting in the leakage of NTLM authentication hashes to attackers. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0880.html https:/ •
CVE-2010-4463 – Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4463
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v21 hasta v6 Update v23 permite a aplicaciones remotas Java Web Start no confiables y Java applets no confiables vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Java Webstart loader of the Java Runtime Environment. When parsing a .jnlp file containing an extension, the loader will honor the permissions defined within. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0880.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12899 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mi •
CVE-2010-4452 – Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4452
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Deployment en Java Runtime Environment (JRE) en Oracle Jave SE y Java for Business v6 Update v23 y anteriores permite a aplicaciones remotas Java Web Start no confiables y applets Java no confiables vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the findClass method of the sun.plugin2.applet.Applet2ClassLoader class. Due to a failure to properly validate URLs supplied by an implicitly trusted applet, it is possible to execute arbitrary code on Windows 32-bit and 64-bit, as well as Linux 32-bit platforms under the context of the SYSTEM user. • https://www.exploit-db.com/exploits/16990 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://securityreason.com/securityalert/8145 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0880.ht •
CVE-2010-4462 – Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4462
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Sound y APIs no especificadas, una vulnerabilidad diferente a CVE-2010-4454 y CVE-2010-4473. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within jsound!XGetSamplePtrFromSnd. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://secunia.com/advisories/49198 http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html http://www •
CVE-2010-4465 – Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4465
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones remotas Java Web Start no confiables y subprogramas Java no confiables afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Swing. NOTA: la información previa fue obtenida de febrero 2011 CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisor •