Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2007:0956
HistoryOct 16, 2007 - 12:00 a.m.

(RHSA-2007:0956) Moderate: java-1.5.0-bea security update

2007-10-1600:00:00
access.redhat.com
16

0.559 Medium

EPSS

Percentile

97.7%

JSON

The BEA WebLogic JRockit 1.5.0_11 JRE and SDK contain BEA WebLogic JRockit
Virtual Machine 1.5.0_11 and are certified for the Java 5 Platform,
Standard Edition, v1.5.0.

A flaw was found in the BEA Java Runtime Environment GIF image handling.
If an application processes untrusted GIF image input, it may be possible
to execute arbitrary code as the user running the Java Virtual Machine.
(CVE-2007-0243)

A buffer overflow in the Java Runtime Environment image handling code was
found. If an attacker is able to cause a server application to process a
specially crafted image file, it may be possible to execute arbitrary code
as the user running the Java Virtual Machine. (CVE-2007-2788,
CVE-2007-2789, CVE-2007-3004)

A denial of service flaw was discovered in the Java Applet Viewer. An
untrusted Java applet could cause the Java Virtual Machine to become
unresponsive. Please note that the BEA WebLogic JRockit 1.5.0_11 does not
ship with a browser plug-in and therefore this issue could only be
triggered by a user running the “appletviewer” application. (CVE-2007-3005)

A cross site scripting (XSS) flaw was found in the Javadoc tool. An
attacker could inject arbitrary content into a Javadoc generated HTML
documentation page, possibly tricking a user or stealing sensitive
information. (CVE-2007-3503)

A denial of service flaw was found in the way the JSSE component processed
SSL/TLS handshake requests. A remote attacker able to connect to a JSSE
enabled service could send a specially crafted handshake which would cause
the Java Runtime Environment to stop responding to future requests.
(CVE-2007-3698)

A flaw was found in the way the Java Runtime Environment processes font
data. An applet viewed via the ‘appletviewer’ application could elevate
its privileges, allowing the applet to perform actions with the same
permissions as the user running the “appletviewer” application. It may also
be possible to crash a server application which processes untrusted font
information from a third party. (CVE-2007-4381)

All users of java-bea-1.5.0 should upgrade to these updated packages, which
contain the BEA WebLogic JRockit 1.5.0_11 release that resolves these
issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ia64java-1.5.0-bea-demo< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-demo-1.5.0.11-1jpp.1.el5.ia64.rpm
RedHat5x86_64java-1.5.0-bea-devel< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-devel-1.5.0.11-1jpp.1.el5.x86_64.rpm
RedHat5ia64java-1.5.0-bea< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-1.5.0.11-1jpp.1.el5.ia64.rpm
RedHat5i686java-1.5.0-bea-missioncontrol< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-missioncontrol-1.5.0.11-1jpp.1.el5.i686.rpm
RedHat5x86_64java-1.5.0-bea-jdbc< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-jdbc-1.5.0.11-1jpp.1.el5.x86_64.rpm
RedHat5ia64java-1.5.0-bea-devel< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-devel-1.5.0.11-1jpp.1.el5.ia64.rpm
RedHat5ia64java-1.5.0-bea-jdbc< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-jdbc-1.5.0.11-1jpp.1.el5.ia64.rpm
RedHat5i686java-1.5.0-bea-jdbc< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-jdbc-1.5.0.11-1jpp.1.el5.i686.rpm
RedHat5x86_64java-1.5.0-bea< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-1.5.0.11-1jpp.1.el5.x86_64.rpm
RedHat5i686java-1.5.0-bea-demo< 1.5.0.11-1jpp.1.el5java-1.5.0-bea-demo-1.5.0.11-1jpp.1.el5.i686.rpm
Rows per page:
1-10 of 171

Related

nessus 46
redhat 12
gentoo 6
openvas 40
suse 3
nvd 12
cve 12
prion 12
securityvulns 5
ubuntucve 5
cvelist 11
seebug 2
checkpoint_advisories 4
zdi 1
cert 2
vmware 2
nessus
nessus
RHEL 4 / 5 : java-1.5.0-bea (RHSA-2007:0956)
2009-08-24 00:00:00
RHEL 4 : java-1.4.2-bea (RHSA-2007:1086)
2013-01-24 00:00:00
openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-3832)
2007-10-17 00:00:00
redhat
redhat
(RHSA-2007:1086) Moderate: java-1.4.2-bea security update
2007-12-12 00:00:00
(RHSA-2007:0829) Critical: java-1.5.0-ibm security update
2007-08-07 00:00:00
(RHSA-2007:0817) Critical: java-1.4.2-ibm security update
2007-08-06 00:00:00
gentoo
gentoo
BEA JRockit: Multiple vulnerabilities
2007-09-23 00:00:00
Sun JDK/JRE: Multiple vulnerabilities
2007-05-31 00:00:00
emul-linux-x86-java: Multiple vulnerabilities
2007-06-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin)
2008-09-24 00:00:00
SLES9: Security update for Java 2
2009-10-10 00:00:00
suse
suse
remote code execution in IBM Java
2007-10-18 17:55:07
remote code execution in IBM Java, Sun Java
2007-07-18 17:38:23
remote code execution in IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm
2008-04-25 14:46:33
nvd
nvd
CVE-2007-3005
2007-06-04 17:30:00
CVE-2007-3004
2007-06-04 17:30:00
CVE-2007-4381
2007-08-17 21:17:00
cve
cve
CVE-2007-3004
2007-06-04 17:30:00
CVE-2007-3005
2007-06-04 17:30:00
CVE-2007-4381
2007-08-17 21:17:00
prion
prion
Design/Logic Flaw
2007-06-04 17:30:00
Design/Logic Flaw
2007-06-04 17:30:00
Cross site scripting
2007-06-30 01:30:00
securityvulns
securityvulns
Sun JRE / JDK multiple security vulnerabilities
2007-06-01 00:00:00
[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities
2007-06-01 00:00:00
ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
2007-01-18 00:00:00
ubuntucve
ubuntucve
CVE-2007-3503
2007-06-30 00:00:00
CVE-2007-4381
2007-08-17 00:00:00
CVE-2007-2789
2007-05-22 00:00:00
cvelist
cvelist
CVE-2007-4381
2007-08-17 21:12:00
CVE-2007-3503
2007-06-30 01:00:00
CVE-2007-3004
2007-06-04 17:00:00
seebug
seebug
Sun JavaDoc工具跨站脚本漏洞
2007-09-03 00:00:00
Sun Java运行时环境GIF图形缓冲区溢出漏洞
2007-01-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java GIF File Handling Memory Corruption (CVE-2007-0243)
2009-12-29 00:00:00
Sun JDK Hard Coded Image in Java File (CVE-2007-2788)
2010-03-23 00:00:00
Sun Java GIF File Handling Memory Corruption - Improved Performance (CVE-2007-0243)
2013-05-12 00:00:00
zdi
zdi
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
2007-01-16 00:00:00
cert
cert
Sun Microsystems Java GIF image processing buffer overflow
2007-01-17 00:00:00
Java Runtime Environment Image Parsing Code buffer overflow vulnerability
2007-06-06 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00

0.559 Medium

EPSS

Percentile

97.7%

JSON
Related for RHSA-2007:0956
nessus46redhat12gentoo6openvas40suse3nvd12cve12prion12securityvulns5ubuntucve5cvelist11seebug2checkpoint_advisories4zdi1cert2vmware2