RHSA-2010:0586
Vulnerability from csaf_redhat - Published: 2010-08-02 20:43 - Updated: 2026-01-13 22:17Summary
Red Hat Security Advisory: java-1.4.2-ibm-sap security update
Severity
Moderate
Notes
Topic: Updated java-1.4.2-ibm-sap packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 and 5 for SAP.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,
CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0095, CVE-2010-0839,
CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)
Note: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to
correct a naming overlap; however, java-1.4.2-ibm-sap does not
automatically obsolete the previous java-1.4.2-ibm packages for Red Hat
Enterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and
RHBA-2010:0530 advisories, listed in the References, for further
information.
All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4 and 5 for
SAP are advised to upgrade to these updated packages, which contain the IBM
1.4.2 SR13-FP5 Java release. All running instances of IBM Java must be
restarted for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.
5.0 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
5.1 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.
6.8 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
5.0 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.
4.3 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.
6.8 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.
5.1 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0586
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.4.2-ibm-sap packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 and 5 for SAP.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,\nCVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0095, CVE-2010-0839,\nCVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,\nCVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)\n\nNote: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to\ncorrect a naming overlap; however, java-1.4.2-ibm-sap does not\nautomatically obsolete the previous java-1.4.2-ibm packages for Red Hat\nEnterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and\nRHBA-2010:0530 advisories, listed in the References, for further\ninformation.\n\nAll users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4 and 5 for\nSAP are advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP5 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0586",
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2010-0491.html",
"url": "https://rhn.redhat.com/errata/RHBA-2010-0491.html"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2010-0530.html",
"url": "https://rhn.redhat.com/errata/RHBA-2010-0530.html"
},
{
"category": "external",
"summary": "575740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740"
},
{
"category": "external",
"summary": "575747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747"
},
{
"category": "external",
"summary": "575755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755"
},
{
"category": "external",
"summary": "575756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756"
},
{
"category": "external",
"summary": "575772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772"
},
{
"category": "external",
"summary": "575846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846"
},
{
"category": "external",
"summary": "575854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854"
},
{
"category": "external",
"summary": "575865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865"
},
{
"category": "external",
"summary": "575871",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871"
},
{
"category": "external",
"summary": "578430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430"
},
{
"category": "external",
"summary": "578432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432"
},
{
"category": "external",
"summary": "578433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433"
},
{
"category": "external",
"summary": "578436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436"
},
{
"category": "external",
"summary": "578440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0586.json"
}
],
"title": "Red Hat Security Advisory: java-1.4.2-ibm-sap security update",
"tracking": {
"current_release_date": "2026-01-13T22:17:20+00:00",
"generator": {
"date": "2026-01-13T22:17:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2010:0586",
"initial_release_date": "2010-08-02T20:43:00+00:00",
"revision_history": [
{
"date": "2010-08-02T20:43:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-02T16:44:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:17:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 4 AS for SAP",
"product": {
"name": "RHEL 4 AS for SAP",
"product_id": "4AS-SAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_sap:4"
}
}
},
{
"category": "product_name",
"name": "RHEL 5 Server for SAP",
"product": {
"name": "RHEL 5 Server for SAP",
"product_id": "5Server-SAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_sap:5"
}
}
}
],
"category": "product_family",
"name": "RHEL for SAP"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_id": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-demo@1.4.2.13.5.sap-1jpp.1.el4_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_id": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-devel@1.4.2.13.5.sap-1jpp.1.el4_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_id": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap@1.4.2.13.5.sap-1jpp.1.el4_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_id": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-src@1.4.2.13.5.sap-1jpp.1.el4_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_id": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-javacomm@1.4.2.13.5.sap-1jpp.1.el4_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_id": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-src@1.4.2.13.5.sap-1jpp.1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_id": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-demo@1.4.2.13.5.sap-1jpp.1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_id": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap@1.4.2.13.5.sap-1jpp.1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_id": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-devel@1.4.2.13.5.sap-1jpp.1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_id": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-javacomm@1.4.2.13.5.sap-1jpp.1.el5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
"product_id": "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"relates_to_product_reference": "4AS-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
"product_id": "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"relates_to_product_reference": "4AS-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
"product_id": "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"relates_to_product_reference": "4AS-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
"product_id": "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"relates_to_product_reference": "4AS-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
"product_id": "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"relates_to_product_reference": "4AS-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP",
"product_id": "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP",
"product_id": "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP",
"product_id": "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP",
"product_id": "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-SAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP",
"product_id": "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-0084",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575740"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0084"
},
{
"category": "external",
"summary": "RHBZ#575740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)"
},
{
"cve": "CVE-2010-0085",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575747"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK File TOCTOU deserialization vulnerability (6736390)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0085"
},
{
"category": "external",
"summary": "RHBZ#575747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0085",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK File TOCTOU deserialization vulnerability (6736390)"
},
{
"cve": "CVE-2010-0087",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578433"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK unspecified vulnerability in JWS/Plugin component",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0087"
},
{
"category": "external",
"summary": "RHBZ#578433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0087",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK unspecified vulnerability in JWS/Plugin component"
},
{
"cve": "CVE-2010-0088",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575755"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Inflater/Deflater clone issues (6745393)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0088"
},
{
"category": "external",
"summary": "RHBZ#575755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0088",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0088"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK Inflater/Deflater clone issues (6745393)"
},
{
"cve": "CVE-2010-0089",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578440"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK unspecified vulnerability in JavaWS/Plugin component",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0089"
},
{
"category": "external",
"summary": "RHBZ#578440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0089"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK unspecified vulnerability in JavaWS/Plugin component"
},
{
"cve": "CVE-2010-0091",
"discovery_date": "2008-07-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575756"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0091"
},
{
"category": "external",
"summary": "RHBZ#575756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0091"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)"
},
{
"cve": "CVE-2010-0095",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575772"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0095"
},
{
"category": "external",
"summary": "RHBZ#575772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)"
},
{
"cve": "CVE-2010-0839",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578436"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK multiple unspecified vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0839"
},
{
"category": "external",
"summary": "RHBZ#578436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK multiple unspecified vulnerabilities"
},
{
"cve": "CVE-2010-0840",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575846"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0840"
},
{
"category": "external",
"summary": "RHBZ#575846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)"
},
{
"cve": "CVE-2010-0841",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575854"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and \"stepX\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0841"
},
{
"category": "external",
"summary": "RHBZ#575854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0841"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)"
},
{
"cve": "CVE-2010-0842",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578436"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK multiple unspecified vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0842"
},
{
"category": "external",
"summary": "RHBZ#578436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK multiple unspecified vulnerabilities"
},
{
"cve": "CVE-2010-0843",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578436"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK multiple unspecified vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0843"
},
{
"category": "external",
"summary": "RHBZ#578436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK multiple unspecified vulnerabilities"
},
{
"cve": "CVE-2010-0844",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578436"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK multiple unspecified vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0844"
},
{
"category": "external",
"summary": "RHBZ#578436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0844",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0844"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK multiple unspecified vulnerabilities"
},
{
"cve": "CVE-2010-0846",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578430"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an \"invalid assignment\" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK unspecified vulnerability in ImageIO component",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0846"
},
{
"category": "external",
"summary": "RHBZ#578430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK unspecified vulnerability in ImageIO component"
},
{
"cve": "CVE-2010-0847",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575871"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0847"
},
{
"category": "external",
"summary": "RHBZ#575871",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)"
},
{
"cve": "CVE-2010-0848",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575865"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0848"
},
{
"category": "external",
"summary": "RHBZ#575865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)"
},
{
"cve": "CVE-2010-0849",
"discovery_date": "2010-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "578432"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK unspecified vulnerability in Java2D component",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0849"
},
{
"category": "external",
"summary": "RHBZ#578432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0849",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-02T20:43:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0586"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64",
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK unspecified vulnerability in Java2D component"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…