Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:1641
[Rus]
Version
9
Class
patch
ALTXid
40159
Language
English
Severity
Critical
Title
RHSA-2010:0130: java-1.5.0-ibm security update
Description
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. (CVE-2009-3555)
Family
unix
Platform
Red Hat Enterprise Linux 5
Product
java-1.5.0-ibm
Reference
VENDOR: RHSA-2010:0130-01
VENDOR: RHSA-2010:0130-01
Id:
RHSA-2010:0130-01
Reference:
https://rhn.redhat.com/errata/RHSA-2010-0130.html
CVE: CVE-2009-3555
CVE: CVE-2009-3555
Id:
CVE-2009-3555
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
Comment
: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE:
295 (Certificate Issues)
References:
http://www.tombom.co.uk/blog/?p=85 (MISC)
[tls] 20091104 TLS renegotiation issue (MLIST)
37292 (SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 (MISC)
http://extendedsubset.com/?p=8 (MISC)
[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation (MLIST)
ADV-2009-3165 (VUPEN)
[cryptography] 20091105 OpenSSL 0.9.8l released (MLIST)
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during (CONFIRM)
ADV-2009-3164 (VUPEN)
[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation (MLIST)
http://kbase.redhat.com/faq/docs/DOC-20491 (CONFIRM)
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt (MISC)
[gnutls-devel] 20091105 Re: TLS renegotiation MITM (MLIST)
36935 (BID)
http://www.betanews.com/article/1257452450 (MISC)
[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=533125 (CONFIRM)
http://www.links.org/?p=780 (MISC)
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html (MISC)
37291 (SECUNIA)
[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
http://extendedsubset.com/Renegotiating_TLS.pdf (MISC)
20091109 Transport Layer Security Renegotiation Vulnerability (CISCO)
1023163 (SECTRACK)
VU#120541 (CERT-VN)
http://www.links.org/?p=789 (MISC)
20091111 Re: SSL/TLS MiTM PoC (FULLDISC)
http://blogs.iss.net/archive/sslmitmiscsrf.html (MISC)
http://www.links.org/?p=786 (MISC)
ADV-2009-3220 (VUPEN)
http://support.citrix.com/article/CTX123359 (CONFIRM)
37320 (SECUNIA)
ADV-2009-3205 (VUPEN)
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html (MISC)
1023148 (SECTRACK)
273029 (SUNALERT)
DSA-1934 (DEBIAN)
SUSE-SA:2009:057 (SUSE)
http://sysoev.ru/nginx/patch.cve-2009-3555.txt (CONFIRM)
[oss-security] 20091120 CVEs for nginx (MLIST)
[oss-security] 20091123 Re: CVEs for nginx (MLIST)
http://wiki.rpath.com/Advisories:rPSA-2009-0155 (CONFIRM)
FEDORA-2009-12775 (FEDORA)
1023272 (SECTRACK)
FEDORA-2009-12750 (FEDORA)
1023271 (SECTRACK)
[4.5] 010: SECURITY FIX: November 26, 2009 (OPENBSD)
1023207 (SECTRACK)
37656 (SECUNIA)
1023211 (SECTRACK)
1023218 (SECTRACK)
ADV-2009-3353 (VUPEN)
1023209 (SECTRACK)
1023273 (SECTRACK)
GLSA-200912-01 (GENTOO)
1023215 (SECTRACK)
http://www.ingate.com/Relnote.php?ver=481 (CONFIRM)
FEDORA-2009-12782 (FEDORA)
37504 (SECUNIA)
1023208 (SECTRACK)
1023212 (SECTRACK)
1023243 (SECTRACK)
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html (MISC)
http://clicky.me/tlsvuln (MISC)
FEDORA-2009-12968 (FEDORA)
1023204 (SECTRACK)
37501 (SECUNIA)
1023217 (SECTRACK)
1023210 (SECTRACK)
1023274 (SECTRACK)
37675 (SECUNIA)
1023205 (SECTRACK)
SSRT090249 (HP)
1023275 (SECTRACK)
1023216 (SECTRACK)
[4.6] 004: SECURITY FIX: November 26, 2009 (OPENBSD)
1023270 (SECTRACK)
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html (MISC)
1023206 (SECTRACK)
60521 (OSVDB)
1023219 (SECTRACK)
ADV-2009-3354 (VUPEN)
37604 (SECUNIA)
37859 (SECUNIA)
ADV-2009-3484 (VUPEN)
ADV-2009-3587 (VUPEN)
FEDORA-2009-12604 (FEDORA)
FEDORA-2009-12606 (FEDORA)
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 (CONFIRM)
FEDORA-2009-12229 (FEDORA)
FEDORA-2009-12305 (FEDORA)
37640 (SECUNIA)
60972 (OSVDB)
PM00675 (AIXAPAR)
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c (CONFIRM)
ADV-2009-3521 (VUPEN)
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html (CONFIRM)
APPLE-SA-2010-01-19-1 (APPLE)
38056 (SECUNIA)
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES (CONFIRM)
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released (CONFIRM)
http://support.apple.com/kb/HT4004 (CONFIRM)
38241 (SECUNIA)
ADV-2010-0173 (VUPEN)
38484 (SECUNIA)
62210 (OSVDB)
http://www.arubanetworks.com/support/alerts/aid-020810.txt (CONFIRM)
ADV-2010-0086 (VUPEN)
38003 (SECUNIA)
http://support.avaya.com/css/P8/documents/100070150 (CONFIRM)
1023428 (SECTRACK)
1023427 (SECTRACK)
1023411 (SECTRACK)
1023426 (SECTRACK)
RHSA-2010:0119 (REDHAT)
38687 (SECUNIA)
38020 (SECUNIA)
274990 (SUNALERT)
273350 (SUNALERT)
RHSA-2010:0167 (REDHAT)
RHSA-2010:0155 (REDHAT)
ADV-2010-0748 (VUPEN)
39243 (SECUNIA)
39136 (SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html (CONFIRM)
39242 (SECUNIA)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
37453 (SECUNIA)
1023224 (SECTRACK)
37383 (SECUNIA)
37399 (SECUNIA)
ADV-2009-3310 (VUPEN)
ADV-2009-3313 (VUPEN)
1023214 (SECTRACK)
1023213 (SECTRACK)
SSA:2009-320-01 (SLACKWARE)
ADV-2010-0848 (VUPEN)
38781 (SECUNIA)
39278 (SECUNIA)
RHSA-2010:0130 (REDHAT)
USN-927-1 (UBUNTU)
39500 (SECUNIA)
IC67848 (AIXAPAR)
ADV-2010-0982 (VUPEN)
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 (CONFIRM)
MDVSA-2010:076 (MANDRIVA)
ADV-2010-0933 (VUPEN)
MDVSA-2010:084 (MANDRIVA)
39628 (SECUNIA)
PM12247 (AIXAPAR)
FEDORA-2010-5357 (FEDORA)
39461 (SECUNIA)
ADV-2010-0916 (VUPEN)
MDVSA-2010:089 (MANDRIVA)
ADV-2010-1054 (VUPEN)
FEDORA-2010-5942 (FEDORA)
http://support.avaya.com/css/P8/documents/100081611 (CONFIRM)
RHSA-2010:0165 (REDHAT)
FEDORA-2010-6131 (FEDORA)
39632 (SECUNIA)
39713 (SECUNIA)
ADV-2010-0994 (VUPEN)
SSRT090180 (HP)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
APPLE-SA-2010-05-18-2 (APPLE)
39819 (SECUNIA)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
1021752 (SUNALERT)
http://support.apple.com/kb/HT4171 (CONFIRM)
ADV-2010-1191 (VUPEN)
SUSE-SR:2010:012 (SUSE)
ADV-2010-1350 (VUPEN)
40070 (SECUNIA)
65202 (OSVDB)
http://www.openoffice.org/security/cves/CVE-2009-3555.html (CONFIRM)
SUSE-SR:2010:013 (SUSE)
1021653 (SUNALERT)
39127 (SECUNIA)
ADV-2010-1639 (VUPEN)
http://www.opera.com/support/search/view/944/ (CONFIRM)
USN-927-5 (UBUNTU)
ADV-2010-1673 (VUPEN)
http://www.opera.com/docs/changelogs/unix/1060/ (CONFIRM)
USN-927-4 (UBUNTU)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
40545 (SECUNIA)
40747 (SECUNIA)
HPSBGN02562 (HP)
ADV-2010-2010 (VUPEN)
40866 (SECUNIA)
IC68054 (AIXAPAR)
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 (CONFIRM)
IC68055 (AIXAPAR)
TA10-222A (CERT)
41490 (SECUNIA)
41480 (SECUNIA)
HPSBMA02568 (HP)
ADV-2010-2745 (VUPEN)
http://support.avaya.com/css/P8/documents/100114315 (CONFIRM)
http://support.avaya.com/css/P8/documents/100114327 (CONFIRM)
RHSA-2010:0770 (REDHAT)
FEDORA-2010-16294 (FEDORA)
TA10-287A (CERT)
USN-1010-1 (UBUNTU)
RHSA-2010:0786 (REDHAT)
41972 (SECUNIA)
FEDORA-2010-16240 (FEDORA)
RHSA-2010:0807 (REDHAT)
41967 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html (CONFIRM)
FEDORA-2010-16312 (FEDORA)
RHSA-2010:0865 (REDHAT)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html (CONFIRM)
RHSA-2010:0768 (REDHAT)
ADV-2010-3086 (VUPEN)
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 (CONFIRM)
42379 (SECUNIA)
42377 (SECUNIA)
1024789 (SECTRACK)
42467 (SECUNIA)
ADV-2010-3126 (VUPEN)
http://www.vmware.com/security/advisories/VMSA-2010-0019.html (CONFIRM)
ADV-2010-3069 (VUPEN)
42811 (SECUNIA)
ADV-2011-0032 (VUPEN)
DSA-2141 (DEBIAN)
SUSE-SA:2010:061 (SUSE)
RHSA-2010:0986 (REDHAT)
RHSA-2010:0987 (REDHAT)
SUSE-SR:2010:019 (SUSE)
42724 (SECUNIA)
42816 (SECUNIA)
42808 (SECUNIA)
42733 (SECUNIA)
https://kb.bluecoat.com/index?page=content&id=SA50 (CONFIRM)
ADV-2011-0033 (VUPEN)
ADV-2011-0086 (VUPEN)
SUSE-SR:2010:024 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html (CONFIRM)
44183 (SECUNIA)
RHSA-2011:0880 (REDHAT)
SSRT090208 (HP)
openSUSE-SU-2011:0845 (SUSE)
SUSE-SU-2011:0847 (SUSE)
HPSBHF02706 (HP)
44954 (SECUNIA)
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html (MISC)
SSRT100817 (HP)
GLSA-201203-22 (GENTOO)
48577 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities (BUGTRAQ)
GLSA-201406-32 (GENTOO)
http://www.openssl.org/news/secadv_20091111.txt (CONFIRM)
41818 (SECUNIA)
SSRT101846 (HP)
DSA-3253 (DEBIAN)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 (CONFIRM)
HPSBUX02517 (HP)
HPSBMU02799 (HP)
SSRT100089 (HP)
HPSBUX02498 (HP)
HPSBOV02762 (HP)
tls-renegotiation-weak-security(54158) (XF)
oval:org.mitre.oval:def:8535 (OVAL)
oval:org.mitre.oval:def:8366 (OVAL)
oval:org.mitre.oval:def:7973 (OVAL)
oval:org.mitre.oval:def:7478 (OVAL)
oval:org.mitre.oval:def:7315 (OVAL)
oval:org.mitre.oval:def:11617 (OVAL)
oval:org.mitre.oval:def:11578 (OVAL)
oval:org.mitre.oval:def:10088 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console (BUGTRAQ)
20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) (BUGTRAQ)
20091124 rPSA-2009-0155-1 httpd mod_ssl (BUGTRAQ)
20091118 TLS / SSLv3 vulnerability explained (DRAFT) (BUGTRAQ)
MS10-049 (MS)
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E (MISC)
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E (MISC)
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E (MISC)
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E (MISC)
CVE: CVE-2010-0084
CVE: CVE-2010-0084
Id:
CVE-2010-0084
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
63482 (OSVDB)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0338 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
39292 (SECUNIA)
USN-923-1 (UBUNTU)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14061 (OVAL)
oval:org.mitre.oval:def:11120 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0085
CVE: CVE-2010-0085
Id:
CVE-2010-0085
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
39292 (SECUNIA)
USN-923-1 (UBUNTU)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13803 (OVAL)
oval:org.mitre.oval:def:10474 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0087
CVE: CVE-2010-0087
Id:
CVE-2010-0087
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
Comment
: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4170 (CONFIRM)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13959 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0088
CVE: CVE-2010-0088
Id:
CVE-2010-0088
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
http://support.apple.com/kb/HT4170 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1191 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14321 (OVAL)
oval:org.mitre.oval:def:11173 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0089
CVE: CVE-2010-0089
Id:
CVE-2010-0089
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
Comment
: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
39317 (SECUNIA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
40545 (SECUNIA)
SSRT100179 (HP)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14208 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0091
CVE: CVE-2010-0091
Id:
CVE-2010-0091
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
References:
63481 (OSVDB)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39292 (SECUNIA)
USN-923-1 (UBUNTU)
39317 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
http://support.apple.com/kb/HT4171 (CONFIRM)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
SSRT100179 (HP)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:9855 (OVAL)
oval:org.mitre.oval:def:13492 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0092
CVE: CVE-2010-0092
Id:
CVE-2010-0092
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
APPLE-SA-2010-05-18-2 (APPLE)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4171 (CONFIRM)
http://support.apple.com/kb/HT4170 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14210 (OVAL)
oval:org.mitre.oval:def:10057 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0094
CVE: CVE-2010-0094
Id:
CVE-2010-0094
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0339 (REDHAT)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
39317 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-051 (MISC)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
http://support.apple.com/kb/HT4170 (CONFIRM)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14351 (OVAL)
oval:org.mitre.oval:def:10851 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0095
CVE: CVE-2010-0095
Id:
CVE-2010-0095
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0338 (REDHAT)
39292 (SECUNIA)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
http://support.apple.com/kb/HT4171 (CONFIRM)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
39819 (SECUNIA)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14105 (OVAL)
oval:org.mitre.oval:def:11621 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0837
CVE: CVE-2010-0837
Id:
CVE-2010-0837
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
Comment
: Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0338 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1191 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
ADV-2010-1793 (VUPEN)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14276 (OVAL)
oval:org.mitre.oval:def:10680 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0838
CVE: CVE-2010-0838
Id:
CVE-2010-0838
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
Comment
: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
39069 (BID)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-061 (MISC)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
39819 (SECUNIA)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
40545 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
javase-javab-java2d-unspecifed(57346) (XF)
oval:org.mitre.oval:def:13923 (OVAL)
oval:org.mitre.oval:def:10482 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0839
CVE: CVE-2010-0839
Id:
CVE-2010-0839
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
Comment
: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
39317 (SECUNIA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13357 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
Content available only for registered users!
ovaldb@altx-soft.com