Action not permitted
Modal body text goes here.
CVE-2010-0093
Vulnerability from cvelistv5
Published
2010-04-01 16:00
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:37:53.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2010-05-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "HPSBMU02799", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39317" }, { "name": "40545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40545" }, { "name": "39819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39819" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "RHSA-2010:0338", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "ADV-2010-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "APPLE-SA-2010-05-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "43308", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43308" }, { "name": "oval:org.mitre.oval:def:9877", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" }, { "name": "oval:org.mitre.oval:def:14288", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" }, { "name": "SSRT100179", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" }, { "name": "RHSA-2010:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "HPSBUX02524", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "39292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4170" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "USN-923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0337", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "63485", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/63485" }, { "name": "HPSBMA02547", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4171" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "APPLE-SA-2010-05-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "HPSBMU02799", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39317" }, { "name": "40545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40545" }, { "name": "39819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39819" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "RHSA-2010:0338", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "ADV-2010-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "APPLE-SA-2010-05-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "43308", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43308" }, { "name": "oval:org.mitre.oval:def:9877", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" }, { "name": "oval:org.mitre.oval:def:14288", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" }, { "name": "SSRT100179", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" }, { "name": "RHSA-2010:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "HPSBUX02524", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "39292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4170" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "USN-923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0337", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "63485", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/63485" }, { "name": "HPSBMA02547", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4171" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2010-0093", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2010-05-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "HPSBMU02799", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "39317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39317" }, { "name": "40545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40545" }, { "name": "39819", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39819" }, { "name": "ADV-2010-1107", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "RHSA-2010:0338", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "ADV-2010-1793", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "APPLE-SA-2010-05-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "SUSE-SR:2010:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "43308", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43308" }, { "name": "oval:org.mitre.oval:def:9877", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" }, { "name": "oval:org.mitre.oval:def:14288", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" }, { "name": "SSRT100179", "refsource": "HP", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" }, { "name": "RHSA-2010:0339", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "HPSBUX02524", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "39292", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39292" }, { "name": "http://support.apple.com/kb/HT4170", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4170" }, { "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "SUSE-SR:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "USN-923-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-923-1" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0337", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "63485", "refsource": "OSVDB", "url": "http://osvdb.org/63485" }, { "name": "HPSBMA02547", "refsource": "HP", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "http://support.apple.com/kb/HT4171", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4171" }, { "name": "MDVSA-2010:084", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-1191", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1191" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2010-0093", "datePublished": "2010-04-01T16:00:00", "dateReserved": "2009-12-16T00:00:00", "dateUpdated": "2024-08-07T00:37:53.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2010-0093\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2010-04-01T16:30:00.733\",\"lastModified\":\"2018-10-30T16:26:21.390\",\"vulnStatus\":\"Modified\",\"evaluatorComment\":\"Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\\r\\n\\r\\n\\r\\n\\r\\n\u0027Affected product releases and versions:\\r\\n\u2022 Java SE: \\t \\r\\n\\r\\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\\r\\n\\t \\r\\n\\r\\n \u2022 JDK 5.0 Update 23 and earlier for Solaris\\r\\n\\t \\r\\n\\r\\n \u2022 SDK 1.4.2_25 and earlier for Solaris\\r\\n\\t \\r\\n\u2022 Java for Business: \\t \\r\\n\\r\\n \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\\r\\n\\t \\r\\n\\r\\n \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\\r\\n\\t \\r\\n\\r\\n \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux\u0027\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23 y 1.4.2_25 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2010-0095.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.1},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:*:update_18:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"AA98E24E-B406-4F94-983D-7CDAE2EDAFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBCD143C-057D-4F42-B487-46801E14ACF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09027C19-D442-446F-B7A8-21DB6787CF43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0FEC28-0707-4F42-9740-78F3D2D551EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3C5879A-A608-4230-9DC1-C27F0F48A13B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A3B254-8580-45DB-BDE4-5B5A29CBFFB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*\",\"matchCriteriaId\":\"AADBB4F9-E43E-428B-9979-F47A15696C85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*\",\"matchCriteriaId\":\"49260B94-05DE-4B78-9068-6F5F6BFDD19E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7158D2C0-E9AC-4CD6-B777-EA7B7A181997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"90EC6C13-4B37-48E5-8199-A702A944D5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2528152C-E20A-4D97-931C-A5EC3CEAA06D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A99DAB4C-272B-4C91-BC70-7729E1152590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"30DFC10A-A4D9-4F89-B17C-AB9260087D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"272A5C44-18EC-41A9-8233-E9D4D0734EA6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:*:update_18:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"69821E3E-D00B-462B-9AE2-3BC4C7924F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"722A93D8-B5BC-42F3-92A2-E424F61269A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"775F2611-F11C-4B84-8F40-0D034B81BF18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"F20FDD9F-FF45-48BC-9207-54FB02E76071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA326F5-894A-4B01-BCA3-B126DA81CA59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"228AB7B4-4BA4-43D4-B562-D438884DB152\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD5C688-2103-4D60-979E-D9BE69A989C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*\",\"matchCriteriaId\":\"21421215-F722-4207-A2E5-E2DF4B29859B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFB9EA23-0EF7-4582-A265-3F5AA9EC81B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D98175BF-B084-4FA5-899D-9E80DC3923EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"820632CE-F8DF-47EE-B716-7530E60008B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2BD0A3-7B2D-447B-ABAC-7B867B03B632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D54AB785-E9B7-47BD-B756-0C3A629D67DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9412098-0353-4F7B-9245-010557E6C651\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD30DAEB-4893-41CF-A455-B69C463B9337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*\",\"matchCriteriaId\":\"21D6CE7E-A036-496C-8E08-A87F62B5290A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:*:update23:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.0\",\"matchCriteriaId\":\"2C053822-6E03-4864-8C23-B3667B220DF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A02CF738-1B4F-44D0-A618-3D3E4EF1C9B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8E883F-E13D-4FB0-8C6F-B7628600E8D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AADA633-EB11-49A0-8E40-66589034F03E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"19DC29C5-1B9F-46DF-ACF6-3FF93E45777D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B120F7D9-7C1E-4716-B2FA-2990D449F754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD61E49F-2A46-4107-BB3F-527079983306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*\",\"matchCriteriaId\":\"D900AAE0-6032-4096-AFC2-3D43C55C6C83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B0958C-744C-4946-908C-09D2A5FAB120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3E7F3CA-FFB3-42B3-A64F-0E38FAF252FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A2D8D09-3F18-4E73-81CF-BB589BB8AEC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FD24779-988F-4EC1-AC19-77186B68229E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F1E860E-98F2-48FF-B8B3-54D4B58BF81F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"28BE548B-DD0C-4C58-98CA-5B803F04F9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*\",\"matchCriteriaId\":\"505A8F40-7758-412F-8895-FA1B00BE6B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*\",\"matchCriteriaId\":\"212F4A5F-87E3-4C62-BA21-46CBBCD8D26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8E9AA0-8907-4B1A-86A1-08568195217D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A337AD31-4566-4A4E-AFF3-7EAECD5C90F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0754AFDC-2F1C-4C06-AB46-457B5E610029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"532CF9DD-0EBB-4B3B-BB9C-A8D78947A790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5DA4242-30D9-44C8-9D0D-877348FFA22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"C61C6043-99D0-4F36-AF84-1A5F90B895EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.2_25\",\"matchCriteriaId\":\"99ACE336-1CF4-4904-B313-30E532981FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"002CA86D-3090-4C7A-947A-21CB5D1ADD98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F6453C9-7EE0-4FFB-861D-C2D9416DCABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF4E34FD-D927-42BB-8A16-031D77CB4B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDE253E-C8B6-4C1D-AECE-ABEA1A67306B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56D9A60-F272-4D4C-A9DD-C93DAF783585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF109CAA-E8D2-4BD7-BE7C-AF8B2A78672E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976F4ACB-3725-45B7-B2EF-DEE4B88254E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52BDD6A8-1611-4C3C-865D-6EDB5B9F8D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A1F28FF-652A-4C89-9AC6-5E212F890811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96A8C351-E9CD-431B-8B9D-712CA54C7213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36888382-79C8-4C97-A654-C668CD68556F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F34C99E6-F9F0-4EF3-8601-B47EAE3D7273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74DD08D-CEDB-460E-BED5-78F6CAF18BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60560EC-6DBD-4A17-BFFA-FAD9193A0BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F64FBC-DC97-4FE3-A235-18B87945AF7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85048406-9051-4E69-94A8-5C449F3B89E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C88DD7-0B46-4405-BD35-60D27E2DBA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08D23B7C-7B8C-41B8-8D94-BB0F27C7F0A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C49B997-95D3-4DA4-A353-DB41AD461C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F70EF76-ED5F-4835-8252-FE613604FA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BDBCAD8-CDF7-4550-8EA2-1409B02FFAD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E691333-0434-4808-9ED4-E82C6EC2FD37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBE7A538-FF2E-4622-8479-781AB73CBA45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD491CD3-5763-4698-8893-2D5F5609BD89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADF4E465-6B0B-4295-81F7-D09ADB81394C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:*:update23:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.0\",\"matchCriteriaId\":\"6246DF05-3B7C-4DD6-B7C7-D343DE96A3BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133A7B66-E0B3-4867-A5A4-3C54D6C0C8ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7FC09E8-7F30-4FE4-912E-588AA250E2A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"9919D091-73D7-465A-80FF-F37D6CAF9F46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"02565D6F-4CB2-4671-A4EF-3169BCFA6154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"452A3E51-9EAC-451D-BA04-A1E7B7D917EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E8C6AAC-C90B-4220-A69B-2A886A35CF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"55231B6B-9298-4363-9B5A-14C2DA7B1F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*\",\"matchCriteriaId\":\"E42CF0F7-418C-4BB6-9B73-FA3B9171D092\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5467E9D-07D8-4BEB-84D5-A3136C133519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*\",\"matchCriteriaId\":\"B83B2CE1-45D7-47AD-BC0A-6EC74D5F8F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A32F326-EA92-43CD-930E-E527B60CDD3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EA5B9E9-654D-44F7-AE98-3D8B382804AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*\",\"matchCriteriaId\":\"04344167-530E-4A4D-90EF-74C684943DF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0E0373B-201D-408F-9234-A7EFE8B4970D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"44051CFE-D15D-4416-A123-F3E49C67A9E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F296ACF3-1373-429D-B991-8B5BA704A7EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B863420B-DE16-416A-9640-1A1340A9B855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"724C972F-74FE-4044-BBC4-7E0E61FC9002\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE909DE-E55A-4BD3-A5BF-ADE407432193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAC04D2-68FD-4793-A8E7-4690A543D7D4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.2_25\",\"matchCriteriaId\":\"6FCF609D-FE35-49D3-AA20-E56DCEEADD40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63978872-E797-4F13-B0F9-98CB67D0962A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EEAB662-644A-4D7B-8237-64142CF48724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9598A49-95F2-42DB-B92C-CD026F739B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED1009E-AE60-43A0-A0F5-38526EFCF423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D011585C-0E62-4233-85FA-F29A07D68DA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F226D898-F0E8-41D8-BF40-54DE9FB5426D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB9CCD1-A67D-4800-9EC5-6E1A0B0B76E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE28C283-447A-4F83-B96B-69F96E663C1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D102063B-2434-4141-98E7-2DE501AE1728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03B8CD03-CD31-4F4D-BA90-59435578A4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41A994BF-1F64-480A-8AA5-748DDD0AB68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88519F2D-AD06-4F05-BEDA-A09216F1B481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC728978-368D-4B36-B149-70473E92BD1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD5187B1-CB86-48E8-A595-9FCFD9822C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C660DE4-543A-4E9B-825D-CD099D08CBD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C1942E-16C0-4EB2-AB57-43EC6EC9C3A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"318719C9-7B01-4021-B2EF-8341254DFE6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB8FA9BA-51CA-4473-9FE1-9A32FB8C8041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5E64B6-77DA-44BC-B646-AE01041B1830\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DA35E80-9E0E-4A26-B631-A61542BE4739\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EEB5367-1BB8-4ED3-8C04-ABA6BAA5AD10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED9E7C8-0418-4733-A496-61CCFD638859\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6566CE32-E042-424A-893B-C8A9E26E2869\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B760192E-7193-4FEF-8FFA-680AC89D45A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C020210-8EBA-41D2-BE4A-962CD902857C\"}]}]}],\"references\":[{\"url\":\"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://osvdb.org/63485\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/39292\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/39317\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/39819\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/40545\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/43308\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://support.apple.com/kb/HT4170\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://support.apple.com/kb/HT4171\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://ubuntu.com/usn/usn-923-1\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0337.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0338.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0339.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/516397/100/0/threaded\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1107\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1191\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1793\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877\",\"source\":\"secalert_us@oracle.com\"}]}}" } }
ghsa-w2hp-v5c3-39q4
Vulnerability from github
Published
2022-05-02 06:10
Modified
2022-05-02 06:10
Details
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.
{ "affected": [], "aliases": [ "CVE-2010-0093" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2010-04-01T16:30:00Z", "severity": "MODERATE" }, "details": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.", "id": "GHSA-w2hp-v5c3-39q4", "modified": "2022-05-02T06:10:05Z", "published": "2022-05-02T06:10:05Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" }, { "type": "WEB", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "type": "WEB", "url": "http://osvdb.org/63485" }, { "type": "WEB", "url": "http://secunia.com/advisories/39292" }, { "type": "WEB", "url": "http://secunia.com/advisories/39317" }, { "type": "WEB", "url": "http://secunia.com/advisories/39819" }, { "type": "WEB", "url": "http://secunia.com/advisories/40545" }, { "type": "WEB", "url": "http://secunia.com/advisories/43308" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4170" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4171" }, { "type": "WEB", "url": "http://ubuntu.com/usn/usn-923-1" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "type": "WEB", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "type": "WEB", "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/1793" } ], "schema_version": "1.4.0", "severity": [] }
rhsa-2010_0338
Vulnerability from csaf_redhat
Published
2010-04-01 02:56
Modified
2024-11-14 10:48
Summary
Red Hat Security Advisory: java-1.5.0-sun security update
Notes
Topic
The java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4 Extras
and 5 Supplementary contain security flaws and should not be used.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and
the Sun Java 5 Software Development Kit.
The java-1.5.0-sun packages are vulnerable to a number of security flaws
and should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,
CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,
CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847,
CVE-2010-0848, CVE-2010-0849)
The Sun Java SE Release family 5.0 reached its End of Service Life on
November 3, 2009. The RHSA-2009:1571 update provided the final publicly
available update of version 5.0 (Update 22). Users interested in continuing
to receive critical fixes for Sun Java SE 5.0 should contact Oracle:
http://www.sun.com/software/javaforbusiness/index.jsp
An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the
IBM Developer Kit for Linux, which is available from the Extras and
Supplementary channels on the Red Hat Network.
Applications capable of using the Java 6 runtime can be migrated to Java 6
on: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red Hat
Enterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK,
java-1.6.0-sun.
This update removes the java-1.5.0-sun packages as they have reached their
End of Service Life.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4 Extras\nand 5 Supplementary contain security flaws and should not be used.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThe java-1.5.0-sun packages are vulnerable to a number of security flaws\nand should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,\nCVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,\nCVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\nCVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,\nCVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847,\nCVE-2010-0848, CVE-2010-0849)\n\nThe Sun Java SE Release family 5.0 reached its End of Service Life on\nNovember 3, 2009. The RHSA-2009:1571 update provided the final publicly\navailable update of version 5.0 (Update 22). Users interested in continuing\nto receive critical fixes for Sun Java SE 5.0 should contact Oracle:\n\nhttp://www.sun.com/software/javaforbusiness/index.jsp\n\nAn alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the\nIBM Developer Kit for Linux, which is available from the Extras and\nSupplementary channels on the Red Hat Network.\n\nApplications capable of using the Java 6 runtime can be migrated to Java 6\non: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red Hat\nEnterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK,\njava-1.6.0-sun.\n\nThis update removes the java-1.5.0-sun packages as they have reached their\nEnd of Service Life.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0338", "url": "https://access.redhat.com/errata/RHSA-2010:0338" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html", "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html" }, { "category": "external", "summary": "533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0338.json" } ], "title": "Red Hat Security Advisory: java-1.5.0-sun security update", "tracking": { "current_release_date": "2024-11-14T10:48:44+00:00", "generator": { "date": "2024-11-14T10:48:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0338", "initial_release_date": "2010-04-01T02:56:00+00:00", "revision_history": [ { "date": "2010-04-01T02:56:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-04-01T00:04:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:48:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_name", "name": "RHEL Supplementary (v. 5.2.Z server)", "product": { "name": "RHEL Supplementary (v. 5.2.Z server)", "product_id": "5Server-Supplementary-5.2.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5" } } }, { "category": "product_name", "name": "RHEL Supplementary (v. 5.3.Z server)", "product": { "name": "RHEL Supplementary (v. 5.3.Z server)", "product_id": "5Server-Supplementary-5.3.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4.7.z Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4.7.z Extras", "product_id": "4AS-4.7.z-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4.7.z" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4.7.z Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4.7.z Extras", "product_id": "4ES-4.7.z-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4.7.z" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el5?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el5?arch=i586" } } }, { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el4?arch=i586" } } } ], "category": "architecture", "name": "i586" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux AS version 4.7.z Extras", "product_id": "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4AS-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4.7.z Extras", "product_id": "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4AS-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux ES version 4.7.z Extras", "product_id": "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4ES-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4.7.z Extras", "product_id": "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4ES-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of RHEL Supplementary (v. 5.2.Z server)", "product_id": "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Server-Supplementary-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of RHEL Supplementary (v. 5.2.Z server)", "product_id": "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of RHEL Supplementary (v. 5.3.Z server)", "product_id": "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Server-Supplementary-5.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of RHEL Supplementary (v. 5.3.Z server)", "product_id": "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary-5.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3555", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "discovery_date": "2009-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533125" } ], "notes": [ { "category": "description", "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "TLS: MITM attacks via session renegotiation", "title": "Vulnerability summary" }, { "category": "other", "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "category": "external", "summary": "RHBZ#533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" } ], "release_date": "2009-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "cve": "CVE-2010-0082", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575736" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0082" }, { "category": "external", "summary": "RHBZ#575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0082", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)" }, { "cve": "CVE-2010-0084", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575740" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0084" }, { "category": "external", "summary": "RHBZ#575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)" }, { "cve": "CVE-2010-0085", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575747" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK File TOCTOU deserialization vulnerability (6736390)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0085" }, { "category": "external", "summary": "RHBZ#575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK File TOCTOU deserialization vulnerability (6736390)" }, { "cve": "CVE-2010-0087", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578433" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0087" }, { "category": "external", "summary": "RHBZ#578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0087", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0087" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in JWS/Plugin component" }, { "cve": "CVE-2010-0088", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575755" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Inflater/Deflater clone issues (6745393)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0088" }, { "category": "external", "summary": "RHBZ#575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0088", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Inflater/Deflater clone issues (6745393)" }, { "cve": "CVE-2010-0089", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578440" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JavaWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0089" }, { "category": "external", "summary": "RHBZ#578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0089", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0089" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in JavaWS/Plugin component" }, { "cve": "CVE-2010-0091", "discovery_date": "2008-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575756" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0091" }, { "category": "external", "summary": "RHBZ#575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)" }, { "cve": "CVE-2010-0092", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575760" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0092" }, { "category": "external", "summary": "RHBZ#575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0092", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)" }, { "cve": "CVE-2010-0093", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575764" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0093" }, { "category": "external", "summary": "RHBZ#575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0093", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0093" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)" }, { "cve": "CVE-2010-0094", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575769" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0094" }, { "category": "external", "summary": "RHBZ#575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0094", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0094" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)" }, { "cve": "CVE-2010-0095", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575772" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0095" }, { "category": "external", "summary": "RHBZ#575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0095", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)" }, { "cve": "CVE-2010-0837", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575818" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0837" }, { "category": "external", "summary": "RHBZ#575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0837", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0837" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)" }, { "cve": "CVE-2010-0838", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575808" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0838" }, { "category": "external", "summary": "RHBZ#575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0838", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)" }, { "cve": "CVE-2010-0839", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0839" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0839", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0840", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575846" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0840" }, { "category": "external", "summary": "RHBZ#575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0840", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-05-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)" }, { "cve": "CVE-2010-0841", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575854" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and \"stepX\".", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0841" }, { "category": "external", "summary": "RHBZ#575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)" }, { "cve": "CVE-2010-0842", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0842" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0842", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0843", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0843" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0843", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0844", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0844" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0844", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0844" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0845", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575775" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0845" }, { "category": "external", "summary": "RHBZ#575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0845", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)" }, { "cve": "CVE-2010-0846", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578430" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an \"invalid assignment\" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in ImageIO component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0846" }, { "category": "external", "summary": "RHBZ#578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0846", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0846" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in ImageIO component" }, { "cve": "CVE-2010-0847", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575871" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0847" }, { "category": "external", "summary": "RHBZ#575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0847", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)" }, { "cve": "CVE-2010-0848", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575865" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0848" }, { "category": "external", "summary": "RHBZ#575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0848", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0848" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)" }, { "cve": "CVE-2010-0849", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578432" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Java2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0849" }, { "category": "external", "summary": "RHBZ#578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0849", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Java2D component" } ] }
rhsa-2010_0337
Vulnerability from csaf_redhat
Published
2010-04-01 00:21
Modified
2024-11-14 10:48
Summary
Red Hat Security Advisory: java-1.6.0-sun security update
Notes
Topic
Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the "Oracle Java SE and Java
for Business Critical Patch Update Advisory" page, listed in the
References section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,
CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,
CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,
CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)
For the CVE-2009-3555 issue, this update disables renegotiation in the Java
Secure Socket Extension (JSSE) component. Unsafe renegotiation can be
re-enabled using the sun.security.ssl.allowUnsafeRenegotiation property.
Refer to the following Knowledgebase article for details:
http://kbase.redhat.com/faq/docs/DOC-20491
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-sun packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE and Java\nfor Business Critical Patch Update Advisory\" page, listed in the\nReferences section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,\nCVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,\nCVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,\nCVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\nCVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,\nCVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nFor the CVE-2009-3555 issue, this update disables renegotiation in the Java\nSecure Socket Extension (JSSE) component. Unsafe renegotiation can be\nre-enabled using the sun.security.ssl.allowUnsafeRenegotiation property.\nRefer to the following Knowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0337", "url": "https://access.redhat.com/errata/RHSA-2010:0337" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://kbase.redhat.com/faq/docs/DOC-20491", "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "category": "external", "summary": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html", "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html" }, { "category": "external", "summary": "533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "578437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578437" }, { "category": "external", "summary": "578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0337.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-sun security update", "tracking": { "current_release_date": "2024-11-14T10:48:57+00:00", "generator": { "date": "2024-11-14T10:48:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0337", "initial_release_date": "2010-04-01T00:21:00+00:00", "revision_history": [ { "date": "2010-04-01T00:21:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-03-31T20:21:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:48:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.19-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.19-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.19-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.19-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.19-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.19-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.19-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.19-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.19-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.19-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.19-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.19-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.19-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.19-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.19-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.19-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.19-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.19-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.19-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.19-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.19-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.19-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.19-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.19-1jpp.1.el5?arch=i586\u0026epoch=1" } } } ], "category": "architecture", "name": "i586" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3555", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "discovery_date": "2009-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533125" } ], "notes": [ { "category": "description", "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "TLS: MITM attacks via session renegotiation", "title": "Vulnerability summary" }, { "category": "other", "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "category": "external", "summary": "RHBZ#533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" } ], "release_date": "2009-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "cve": "CVE-2010-0082", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575736" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0082" }, { "category": "external", "summary": "RHBZ#575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0082", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)" }, { "cve": "CVE-2010-0084", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575740" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0084" }, { "category": "external", "summary": "RHBZ#575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)" }, { "cve": "CVE-2010-0085", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575747" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK File TOCTOU deserialization vulnerability (6736390)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0085" }, { "category": "external", "summary": "RHBZ#575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK File TOCTOU deserialization vulnerability (6736390)" }, { "cve": "CVE-2010-0087", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578433" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0087" }, { "category": "external", "summary": "RHBZ#578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0087", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0087" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in JWS/Plugin component" }, { "cve": "CVE-2010-0088", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575755" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Inflater/Deflater clone issues (6745393)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0088" }, { "category": "external", "summary": "RHBZ#575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0088", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Inflater/Deflater clone issues (6745393)" }, { "cve": "CVE-2010-0089", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578440" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JavaWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0089" }, { "category": "external", "summary": "RHBZ#578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0089", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0089" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in JavaWS/Plugin component" }, { "cve": "CVE-2010-0090", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578437" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JavaWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0090" }, { "category": "external", "summary": "RHBZ#578437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578437" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0090", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0090" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in JavaWS/Plugin component" }, { "cve": "CVE-2010-0091", "discovery_date": "2008-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575756" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0091" }, { "category": "external", "summary": "RHBZ#575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)" }, { "cve": "CVE-2010-0092", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575760" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0092" }, { "category": "external", "summary": "RHBZ#575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0092", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)" }, { "cve": "CVE-2010-0093", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575764" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0093" }, { "category": "external", "summary": "RHBZ#575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0093", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0093" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)" }, { "cve": "CVE-2010-0094", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575769" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0094" }, { "category": "external", "summary": "RHBZ#575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0094", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0094" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)" }, { "cve": "CVE-2010-0095", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575772" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0095" }, { "category": "external", "summary": "RHBZ#575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0095", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)" }, { "cve": "CVE-2010-0837", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575818" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0837" }, { "category": "external", "summary": "RHBZ#575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0837", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0837" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)" }, { "cve": "CVE-2010-0838", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575808" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0838" }, { "category": "external", "summary": "RHBZ#575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0838", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)" }, { "cve": "CVE-2010-0839", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0839" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0839", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0840", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575846" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0840" }, { "category": "external", "summary": "RHBZ#575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0840", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-05-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)" }, { "cve": "CVE-2010-0841", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575854" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and \"stepX\".", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0841" }, { "category": "external", "summary": "RHBZ#575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)" }, { "cve": "CVE-2010-0842", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0842" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0842", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0843", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0843" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0843", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0844", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0844" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0844", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0844" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0845", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575775" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0845" }, { "category": "external", "summary": "RHBZ#575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0845", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)" }, { "cve": "CVE-2010-0846", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578430" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an \"invalid assignment\" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in ImageIO component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0846" }, { "category": "external", "summary": "RHBZ#578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0846", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0846" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in ImageIO component" }, { "cve": "CVE-2010-0847", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575871" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0847" }, { "category": "external", "summary": "RHBZ#575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0847", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)" }, { "cve": "CVE-2010-0848", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575865" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0848" }, { "category": "external", "summary": "RHBZ#575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0848", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0848" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)" }, { "cve": "CVE-2010-0849", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578432" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Java2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0849" }, { "category": "external", "summary": "RHBZ#578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0849", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:21:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0337" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Java2D component" } ] }
rhsa-2010_0339
Vulnerability from csaf_redhat
Published
2010-04-01 00:14
Modified
2024-11-14 10:48
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. (CVE-2009-3555)
This update disables renegotiation in the Java Secure Socket Extension
(JSSE) component. Unsafe renegotiation can be re-enabled using the
sun.security.ssl.allowUnsafeRenegotiation property. Refer to the following
Knowledgebase article for details:
http://kbase.redhat.com/faq/docs/DOC-20491
A number of flaws have been fixed in the Java Virtual Machine (JVM) and in
various Java class implementations. These flaws could allow an unsigned
applet or application to bypass intended access restrictions.
(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)
An untrusted applet could access clipboard information if a drag operation
was performed over that applet's canvas. This could lead to an information
leak. (CVE-2010-0091)
The rawIndex operation incorrectly handled large values, causing the
corruption of internal memory structures, resulting in an untrusted applet
or application crashing. (CVE-2010-0092)
The System.arraycopy operation incorrectly handled large index values,
potentially causing array corruption in an untrusted applet or application.
(CVE-2010-0093)
Subclasses of InetAddress may incorrectly interpret network addresses,
allowing an untrusted applet or application to bypass network access
restrictions. (CVE-2010-0095)
In certain cases, type assignments could result in "non-exact" interface
types. This could be used to bypass type-safety restrictions.
(CVE-2010-0845)
A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an
untrusted applet or application using color profiles from untrusted sources
to crash. (CVE-2010-0838)
An input validation flaw was found in the JRE unpack200 functionality. An
untrusted applet or application could use this flaw to elevate its
privileges. (CVE-2010-0837)
Deferred calls to trusted applet methods could be granted incorrect
permissions, allowing an untrusted applet or application to extend its
privileges. (CVE-2010-0840)
A missing input validation flaw in the JRE could allow an attacker to crash
an untrusted applet or application. (CVE-2010-0848)
A flaw in Java2D could allow an attacker to execute arbitrary code with the
privileges of a user running an untrusted applet or application that uses
Java2D. (CVE-2010-0847)
Note: The flaws concerning applets in this advisory, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
CVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.
This update also provides three defense in depth patches. (BZ#575745,
BZ#575861, BZ#575789)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client\u0027s\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker\u0027s request as if authenticated using the\nvictim\u0027s credentials. (CVE-2009-3555)\n\nThis update disables renegotiation in the Java Secure Socket Extension\n(JSSE) component. Unsafe renegotiation can be re-enabled using the\nsun.security.ssl.allowUnsafeRenegotiation property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nA number of flaws have been fixed in the Java Virtual Machine (JVM) and in\nvarious Java class implementations. These flaws could allow an unsigned\napplet or application to bypass intended access restrictions.\n(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)\n\nAn untrusted applet could access clipboard information if a drag operation\nwas performed over that applet\u0027s canvas. This could lead to an information\nleak. (CVE-2010-0091)\n\nThe rawIndex operation incorrectly handled large values, causing the\ncorruption of internal memory structures, resulting in an untrusted applet\nor application crashing. (CVE-2010-0092)\n\nThe System.arraycopy operation incorrectly handled large index values,\npotentially causing array corruption in an untrusted applet or application.\n(CVE-2010-0093)\n\nSubclasses of InetAddress may incorrectly interpret network addresses,\nallowing an untrusted applet or application to bypass network access\nrestrictions. (CVE-2010-0095)\n\nIn certain cases, type assignments could result in \"non-exact\" interface\ntypes. This could be used to bypass type-safety restrictions.\n(CVE-2010-0845)\n\nA buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an\nuntrusted applet or application using color profiles from untrusted sources\nto crash. (CVE-2010-0838)\n\nAn input validation flaw was found in the JRE unpack200 functionality. An\nuntrusted applet or application could use this flaw to elevate its\nprivileges. (CVE-2010-0837)\n\nDeferred calls to trusted applet methods could be granted incorrect\npermissions, allowing an untrusted applet or application to extend its\nprivileges. (CVE-2010-0840)\n\nA missing input validation flaw in the JRE could allow an attacker to crash\nan untrusted applet or application. (CVE-2010-0848)\n\nA flaw in Java2D could allow an attacker to execute arbitrary code with the\nprivileges of a user running an untrusted applet or application that uses\nJava2D. (CVE-2010-0847)\n\nNote: The flaws concerning applets in this advisory, CVE-2010-0082,\nCVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,\nCVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\nCVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nThis update also provides three defense in depth patches. (BZ#575745,\nBZ#575861, BZ#575789)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0339", "url": "https://access.redhat.com/errata/RHSA-2010:0339" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://kbase.redhat.com/faq/docs/DOC-20491", "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "category": "external", "summary": "533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "575745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575745" }, { "category": "external", "summary": "575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "575789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575789" }, { "category": "external", "summary": "575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "575861", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575861" }, { "category": "external", "summary": "575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0339.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-openjdk security update", "tracking": { "current_release_date": "2024-11-14T10:48:49+00:00", "generator": { "date": "2024-11-14T10:48:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0339", "initial_release_date": "2010-04-01T00:14:00+00:00", "revision_history": [ { "date": "2010-04-01T00:14:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-03-31T20:14:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:48:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.11.b16.el5?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3555", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "discovery_date": "2009-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533125" } ], "notes": [ { "category": "description", "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "TLS: MITM attacks via session renegotiation", "title": "Vulnerability summary" }, { "category": "other", "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "category": "external", "summary": "RHBZ#533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" } ], "release_date": "2009-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "cve": "CVE-2010-0082", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575736" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0082" }, { "category": "external", "summary": "RHBZ#575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0082", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)" }, { "cve": "CVE-2010-0084", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575740" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0084" }, { "category": "external", "summary": "RHBZ#575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)" }, { "cve": "CVE-2010-0085", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575747" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK File TOCTOU deserialization vulnerability (6736390)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0085" }, { "category": "external", "summary": "RHBZ#575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK File TOCTOU deserialization vulnerability (6736390)" }, { "cve": "CVE-2010-0088", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575755" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Inflater/Deflater clone issues (6745393)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0088" }, { "category": "external", "summary": "RHBZ#575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0088", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Inflater/Deflater clone issues (6745393)" }, { "cve": "CVE-2010-0091", "discovery_date": "2008-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575756" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0091" }, { "category": "external", "summary": "RHBZ#575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)" }, { "cve": "CVE-2010-0092", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575760" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0092" }, { "category": "external", "summary": "RHBZ#575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0092", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)" }, { "cve": "CVE-2010-0093", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575764" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0093" }, { "category": "external", "summary": "RHBZ#575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0093", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0093" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)" }, { "cve": "CVE-2010-0094", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575769" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0094" }, { "category": "external", "summary": "RHBZ#575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0094", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0094" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)" }, { "cve": "CVE-2010-0095", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575772" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0095" }, { "category": "external", "summary": "RHBZ#575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0095", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)" }, { "cve": "CVE-2010-0837", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575818" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0837" }, { "category": "external", "summary": "RHBZ#575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0837", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0837" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)" }, { "cve": "CVE-2010-0838", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575808" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0838" }, { "category": "external", "summary": "RHBZ#575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0838", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)" }, { "cve": "CVE-2010-0840", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575846" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0840" }, { "category": "external", "summary": "RHBZ#575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0840", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-05-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)" }, { "cve": "CVE-2010-0845", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575775" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0845" }, { "category": "external", "summary": "RHBZ#575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0845", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)" }, { "cve": "CVE-2010-0847", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575871" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0847" }, { "category": "external", "summary": "RHBZ#575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0847", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)" }, { "cve": "CVE-2010-0848", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575865" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0848" }, { "category": "external", "summary": "RHBZ#575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0848", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0848" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T00:14:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0339" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)" } ] }
gsd-2010-0093
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2010-0093", "description": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.", "id": "GSD-2010-0093", "references": [ "https://www.suse.com/security/cve/CVE-2010-0093.html", "https://access.redhat.com/errata/RHSA-2010:0339", "https://access.redhat.com/errata/RHSA-2010:0338", "https://access.redhat.com/errata/RHSA-2010:0337", "https://linux.oracle.com/cve/CVE-2010-0093.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2010-0093" ], "details": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.", "id": "GSD-2010-0093", "modified": "2023-12-13T01:21:28.646865Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2010-0093", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2010-05-18-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "HPSBMU02799", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "39317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39317" }, { "name": "40545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40545" }, { "name": "39819", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39819" }, { "name": "ADV-2010-1107", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "RHSA-2010:0338", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "ADV-2010-1793", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "APPLE-SA-2010-05-18-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "SUSE-SR:2010:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "43308", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43308" }, { "name": "oval:org.mitre.oval:def:9877", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" }, { "name": "oval:org.mitre.oval:def:14288", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" }, { "name": "SSRT100179", "refsource": "HP", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" }, { "name": "RHSA-2010:0339", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "HPSBUX02524", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "39292", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39292" }, { "name": "http://support.apple.com/kb/HT4170", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4170" }, { "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "SUSE-SR:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "USN-923-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-923-1" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0337", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "63485", "refsource": "OSVDB", "url": "http://osvdb.org/63485" }, { "name": "HPSBMA02547", "refsource": "HP", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "http://support.apple.com/kb/HT4171", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4171" }, { "name": "MDVSA-2010:084", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-1191", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1191" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:*:update_18:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:*:update_18:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:*:update23:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.2_25", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:*:update23:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.2_25", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2010-0093" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "63485", "refsource": "OSVDB", "tags": [], "url": "http://osvdb.org/63485" }, { "name": "RHSA-2010:0337", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "RHSA-2010:0338", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "RHSA-2010:0339", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "SUSE-SR:2010:008", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "39292", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/39292" }, { "name": "USN-923-1", "refsource": "UBUNTU", "tags": [], "url": "http://ubuntu.com/usn/usn-923-1" }, { "name": "39317", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/39317" }, { "name": "MDVSA-2010:084", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "name": "ADV-2010-1107", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "SUSE-SR:2010:011", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "APPLE-SA-2010-05-18-2", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "39819", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/39819" }, { "name": "http://support.apple.com/kb/HT4171", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT4171" }, { "name": "APPLE-SA-2010-05-18-1", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "http://support.apple.com/kb/HT4170", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT4170" }, { "name": "ADV-2010-1191", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "name": "40545", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/40545" }, { "name": "ADV-2010-1793", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "SSRT100179", "refsource": "HP", "tags": [], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "43308", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/43308" }, { "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" }, { "name": "HPSBMU02799", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "SSRT100089", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9877", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" }, { "name": "oval:org.mitre.oval:def:14288", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2018-10-30T16:26Z", "publishedDate": "2010-04-01T16:30Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.