rhsa-2010_0986
Vulnerability from csaf_redhat
Published: 2010-12-15 22:41
Modified: 2024-11-14 10:50
Summary: Red Hat Security Advisory: java-1.4.2-ibm-sap security update
Notes
Topic
Updated java-1.4.2-ibm-sap packages that fix several security issues are
now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The IBM 1.4.2 SR13-FP6 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2009-3555, CVE-2010-3541,
CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3556,
CVE-2010-3557, CVE-2010-3562, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569,
CVE-2010-3571, CVE-2010-3572)

Note: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to
correct a naming overlap; however, java-1.4.2-ibm-sap does not
automatically obsolete the previous java-1.4.2-ibm packages for Red Hat
Enterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and
RHBA-2010:0530 advisories, listed in the References, for further
information.

All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for
SAP are advised to upgrade to these updated packages, which contain the IBM
1.4.2 SR13-FP6 Java release. All running instances of IBM Java must be
restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.4.2-ibm-sap packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The IBM 1.4.2 SR13-FP6 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2009-3555, CVE-2010-3541,\nCVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3556,\nCVE-2010-3557, CVE-2010-3562, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569,\nCVE-2010-3571, CVE-2010-3572)\n\nNote: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to\ncorrect a naming overlap; however, java-1.4.2-ibm-sap does not\nautomatically obsolete the previous java-1.4.2-ibm packages for Red Hat\nEnterprise Linux 4 and 5 for SAP. 
Refer to the RHBA-2010:0491 and\nRHBA-2010:0530 advisories, listed in the References, for further\ninformation.\n\nAll users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for\nSAP are advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP6 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0986", "url": "https://access.redhat.com/errata/RHSA-2010:0986" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/", "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "category": "external", "summary": "https://rhn.redhat.com/errata/RHBA-2010-0491.html", "url": "https://rhn.redhat.com/errata/RHBA-2010-0491.html" }, { "category": "external", "summary": "https://rhn.redhat.com/errata/RHBA-2010-0530.html", "url": "https://rhn.redhat.com/errata/RHBA-2010-0530.html" }, { "category": "external", "summary": "https://access.redhat.com/kb/docs/DOC-20491", "url": 
"https://access.redhat.com/kb/docs/DOC-20491" }, { "category": "external", "summary": "533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "639876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876" }, { "category": "external", "summary": "639897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897" }, { "category": "external", "summary": "639904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904" }, { "category": "external", "summary": "639909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909" }, { "category": "external", "summary": "639920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920" }, { "category": "external", "summary": "639925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925" }, { "category": "external", "summary": "642167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642167" }, { "category": "external", "summary": "642180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180" }, { "category": "external", "summary": "642187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642187" }, { "category": "external", "summary": "642202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202" }, { "category": "external", "summary": "642576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642576" }, { "category": "external", "summary": "642585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642585" }, { "category": "external", "summary": "642611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642611" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0986.json" } ], "title": "Red Hat Security Advisory: java-1.4.2-ibm-sap security update", "tracking": { "current_release_date": "2024-11-14T10:50:13+00:00", "generator": { "date": "2024-11-14T10:50:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": 
"RHSA-2010:0986", "initial_release_date": "2010-12-15T22:41:00+00:00", "revision_history": [ { "date": "2010-12-15T22:41:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-12-15T17:43:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:50:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL 4 AS for SAP", "product": { "name": "RHEL 4 AS for SAP", "product_id": "4AS-SAP", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_sap:4" } } }, { "category": "product_name", "name": "RHEL 5 Server for SAP", "product": { "name": "RHEL 5 Server for SAP", "product_id": "5Server-SAP", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_sap:5" } } } ], "category": "product_family", "name": "RHEL for SAP" }, { "branches": [ { "category": "product_version", "name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product": { "name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_id": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-demo@1.4.2.13.6.sap-1jpp.1.el4_8?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product": { "name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_id": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-devel@1.4.2.13.6.sap-1jpp.1.el4_8?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product": { "name": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_id": 
"java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap@1.4.2.13.6.sap-1jpp.1.el4_8?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product": { "name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_id": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-src@1.4.2.13.6.sap-1jpp.1.el4_8?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product": { "name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_id": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-javacomm@1.4.2.13.6.sap-1jpp.1.el4_8?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product": { "name": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_id": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap@1.4.2.13.6.sap-1jpp.1.el5?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product": { "name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_id": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-javacomm@1.4.2.13.6.sap-1jpp.1.el5?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product": { "name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_id": 
"java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-src@1.4.2.13.6.sap-1jpp.1.el5?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product": { "name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_id": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-demo@1.4.2.13.6.sap-1jpp.1.el5?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product": { "name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_id": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-sap-devel@1.4.2.13.6.sap-1jpp.1.el5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP", "product_id": "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "relates_to_product_reference": "4AS-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP", "product_id": "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "relates_to_product_reference": "4AS-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64 as a component of 
RHEL 4 AS for SAP", "product_id": "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "relates_to_product_reference": "4AS-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP", "product_id": "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "relates_to_product_reference": "4AS-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64 as a component of RHEL 4 AS for SAP", "product_id": "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "relates_to_product_reference": "4AS-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP", "product_id": "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP", "product_id": "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP", "product_id": 
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP", "product_id": "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-SAP" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64 as a component of RHEL 5 Server for SAP", "product_id": "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" }, "product_reference": "java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-SAP" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3555", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "discovery_date": "2009-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533125" } ], "notes": [ { "category": "description", "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext 
injection\" attack, aka the \"Project Mogul\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "TLS: MITM attacks via session renegotiation", "title": "Vulnerability summary" }, { "category": "other", "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "category": "external", "summary": "RHBZ#533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" } ], "release_date": 
"2009-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "cve": "CVE-2010-3541", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642202" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", 
"4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3541" }, { "category": "external", "summary": "RHBZ#642202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)" }, { "cve": "CVE-2010-3548", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639909" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or \"otherwise-protected internal network names.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK DNS server IP address information leak (6957564)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3548" }, { "category": "external", "summary": "RHBZ#639909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3548", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK DNS server IP address information leak (6957564)" }, { "cve": "CVE-2010-3549", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642180" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection request splitting (6952017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3549" }, { "category": "external", "summary": "RHBZ#642180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3549", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK HttpURLConnection request splitting (6952017)" }, { "cve": "CVE-2010-3551", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642187" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK local network address disclosure (6952603)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3551" }, { "category": "external", "summary": 
"RHBZ#642187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642187" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3551", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ 
"4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK local network address disclosure (6952603)" }, { "cve": "CVE-2010-3553", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642167" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Swing unsafe reflection usage (6622002)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3553" }, { "category": "external", "summary": "RHBZ#642167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3553", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3553" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Swing unsafe reflection usage (6622002)" }, { "cve": "CVE-2010-3556", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642576" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in 2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3556" }, { "category": "external", "summary": "RHBZ#642576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3556", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3556" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3556", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3556" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, 
"confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK unspecified vulnerability in 2D component" }, { "cve": "CVE-2010-3557", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639904" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Swing mutable static (6938813)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3557" }, { "category": "external", "summary": "RHBZ#639904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3557", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3557" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": 
"vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Swing mutable static (6938813)" }, { "cve": "CVE-2010-3562", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639897" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK IndexColorModel double-free (6925710)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3562" }, { "category": "external", "summary": "RHBZ#639897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3562", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3562" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK IndexColorModel double-free (6925710)" }, { "cve": "CVE-2010-3565", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639920" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEG writeImage remote code execution (6963023)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3565" }, { "category": "external", "summary": "RHBZ#639920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3565", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEG writeImage remote code execution (6963023)" }, { "cve": "CVE-2010-3568", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639876" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization Race condition (6559775)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3568" }, { "category": "external", "summary": "RHBZ#639876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3568", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3568" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization Race condition (6559775)" }, { "cve": "CVE-2010-3569", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639925" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Serialization inconsistencies (6966692)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3569" }, { "category": "external", "summary": "RHBZ#639925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3569", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3569" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569" } ], "release_date": 
"2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Serialization inconsistencies (6966692)" }, { "cve": "CVE-2010-3571", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642585" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in 2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3571" }, { "category": "external", "summary": "RHBZ#642585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3571", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3571" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3571", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3571" } ], "release_date": 
"2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK unspecified vulnerability in 2D component" }, { "cve": "CVE-2010-3572", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642611" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Sound component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3572" }, { "category": "external", "summary": "RHBZ#642611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642611" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3572", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3572" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3572", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3572" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-15T22:41:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0986" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "4AS-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el4_8.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-demo-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-devel-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", "5Server-SAP:java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64", 
"5Server-SAP:java-1.4.2-ibm-sap-src-0:1.4.2.13.6.sap-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK unspecified vulnerability in Sound component" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.