rhsa-2011_0880
Vulnerability from csaf_redhat
Published
2011-06-16 19:13
Modified
2024-11-05 17:32
Summary
Red Hat Security Advisory: Red Hat Network Satellite server IBM Java Runtime security update
Notes
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite 5.4.1 for Red Hat
Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In
a typical operating environment, these are of low security risk as the
runtime is not used on untrusted applets.
This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment. Detailed vulnerability descriptions are linked from the IBM
"Security alerts" page, listed in the References section. (CVE-2009-3555,
CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,
CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,
CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,
CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,
CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,
CVE-2010-4475, CVE-2010-4476)
Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these
updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java
release. For this update to take effect, Red Hat Network Satellite must be
restarted. Refer to the Solution section for details.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Network Satellite 5.4.1 for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite 5.4.1. In\na typical operating environment, these are of low security risk as the\nruntime is not used on untrusted applets.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. (CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475, CVE-2010-4476)\n\nUsers of Red Hat Network Satellite 5.4.1 are advised to upgrade to these\nupdated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java\nrelease. For this update to take effect, Red Hat Network Satellite must be\nrestarted. Refer to the Solution section for details.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:0880", "url": "https://access.redhat.com/errata/RHSA-2011:0880" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/", "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "category": "external", "summary": "533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "582466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=582466" }, { "category": "external", "summary": "639876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876" }, { "category": "external", "summary": "639897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897" }, { "category": "external", "summary": "639904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904" }, { "category": "external", "summary": "639909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909" }, { "category": "external", "summary": "639920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920" }, { "category": "external", "summary": "639922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639922" }, { "category": "external", "summary": "639925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925" }, { "category": "external", "summary": "642167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642167" }, { "category": "external", "summary": "642180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180" }, { "category": "external", "summary": "642187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642187" }, { "category": "external", "summary": "642202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202" }, { "category": "external", "summary": "642215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215" }, { "category": "external", "summary": "642558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642558" }, { "category": "external", "summary": "642559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642559" }, { "category": "external", "summary": "642573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642573" }, { "category": "external", "summary": "642576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642576" }, { "category": "external", "summary": "642585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642585" }, { "category": "external", "summary": "642589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642589" }, { "category": "external", "summary": "642593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642593" }, { "category": "external", "summary": "642611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642611" }, { "category": "external", "summary": "674336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=674336" }, { "category": "external", "summary": "675984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675984" }, { "category": "external", "summary": "676019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676019" }, { "category": "external", "summary": "676023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676023" }, { "category": "external", "summary": "677957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677957" }, { "category": "external", "summary": "677958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677958" }, { "category": "external", "summary": "677959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677959" }, { "category": "external", "summary": "677960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677960" }, { "category": "external", "summary": "677961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677961" }, { "category": "external", "summary": "677963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677963" }, { "category": "external", "summary": "677966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677966" }, { "category": "external", "summary": "677967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677967" }, { "category": "external", "summary": "677968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677968" }, { "category": "external", "summary": "677970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677970" }, { "category": "external", "summary": "677971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677971" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0880.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite server IBM Java Runtime security update", "tracking": { "current_release_date": "2024-11-05T17:32:12+00:00", "generator": { "date": "2024-11-05T17:32:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2011:0880", "initial_release_date": "2011-06-16T19:13:00+00:00", "revision_history": [ { "date": "2011-06-16T19:13:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-06-16T15:21:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:32:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.4 (RHEL v.5)", "product": { "name": "Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.4::el5" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "product": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "product_id": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.9.1-1jpp.1.el5?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "product": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "product_id": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.9.1-1jpp.1.el5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.9.1-1jpp.1.el5?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.9.1-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.9.1-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "product": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "product_id": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.9.1-1jpp.1.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.9.1-1jpp.1.el5?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386 as a component of Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "relates_to_product_reference": "5Server-Satellite54" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "relates_to_product_reference": "5Server-Satellite54" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src as a component of Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "relates_to_product_reference": "5Server-Satellite54" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Satellite54" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386 as a component of Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "relates_to_product_reference": "5Server-Satellite54" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "relates_to_product_reference": "5Server-Satellite54" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.4 (RHEL v.5)", "product_id": "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Satellite54" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3555", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "discovery_date": "2009-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533125" } ], "notes": [ { "category": "description", "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "TLS: MITM attacks via session renegotiation", "title": "Vulnerability summary" }, { "category": "other", "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "category": "external", "summary": "RHBZ#533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" } ], "release_date": "2009-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "acknowledgments": [ { "names": [ "MIT Kerberos Team" ] }, { "names": [ "Shawn Emery" ], "organization": "Oracle", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2010-1321", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2010-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "582466" } ], "notes": [ { "category": "description", "text": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator\u0027s checksum field is missing.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1321" }, { "category": "external", "summary": "RHBZ#582466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=582466" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1321", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1321" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1321", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1321" } ], "release_date": "2010-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)" }, { "cve": "CVE-2010-3541", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642202" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3541" }, { "category": "external", "summary": "RHBZ#642202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)" }, { "cve": "CVE-2010-3548", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639909" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or \"otherwise-protected internal network names.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK DNS server IP address information leak (6957564)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3548" }, { "category": "external", "summary": "RHBZ#639909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3548", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK DNS server IP address information leak (6957564)" }, { "cve": "CVE-2010-3549", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642180" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection request splitting (6952017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3549" }, { "category": "external", "summary": "RHBZ#642180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3549", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK HttpURLConnection request splitting (6952017)" }, { "cve": "CVE-2010-3550", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642559" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Java Web Start component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3550" }, { "category": "external", "summary": "RHBZ#642559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3550", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3550" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3550", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3550" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Java Web Start component" }, { "cve": "CVE-2010-3551", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642187" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK local network address disclosure (6952603)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3551" }, { "category": "external", "summary": "RHBZ#642187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642187" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3551", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK local network address disclosure (6952603)" }, { "cve": "CVE-2010-3553", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642167" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Swing unsafe reflection usage (6622002)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3553" }, { "category": "external", "summary": "RHBZ#642167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3553", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3553" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Swing unsafe reflection usage (6622002)" }, { "cve": "CVE-2010-3555", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642558" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3555" }, { "category": "external", "summary": "RHBZ#642558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642558" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3555" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-3556", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642576" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in 2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3556" }, { "category": "external", "summary": "RHBZ#642576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3556", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3556" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3556", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3556" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK unspecified vulnerability in 2D component" }, { "cve": "CVE-2010-3557", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639904" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Swing mutable static (6938813)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3557" }, { "category": "external", "summary": "RHBZ#639904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3557", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3557" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Swing mutable static (6938813)" }, { "cve": "CVE-2010-3558", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642593" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Java Web Start component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3558" }, { "category": "external", "summary": "RHBZ#642593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642593" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3558", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3558" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK unspecified vulnerability in Java Web Start component" }, { "cve": "CVE-2010-3560", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642573" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Networking component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3560" }, { "category": "external", "summary": "RHBZ#642573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642573" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3560", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3560" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3560", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3560" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "JDK unspecified vulnerability in Networking component" }, { "cve": "CVE-2010-3562", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639897" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK IndexColorModel double-free (6925710)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3562" }, { "category": "external", "summary": "RHBZ#639897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3562", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3562" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK IndexColorModel double-free (6925710)" }, { "cve": "CVE-2010-3563", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642589" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to \"how Web Start retrieves security policies,\" BasicServiceImpl, and forged policies that bypass sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3563" }, { "category": "external", "summary": "RHBZ#642589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3563", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3563" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3563", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3563" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-3565", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639920" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEG writeImage remote code execution (6963023)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3565" }, { "category": "external", "summary": "RHBZ#639920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3565", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEG writeImage remote code execution (6963023)" }, { "cve": "CVE-2010-3566", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639922" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ICC Profile remote code execution (6963489)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3566" }, { "category": "external", "summary": "RHBZ#639922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639922" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3566", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3566" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3566", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3566" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK ICC Profile remote code execution (6963489)" }, { "cve": "CVE-2010-3568", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639876" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization Race condition (6559775)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3568" }, { "category": "external", "summary": "RHBZ#639876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3568", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3568" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization Race condition (6559775)" }, { "cve": "CVE-2010-3569", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639925" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Serialization inconsistencies (6966692)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3569" }, { "category": "external", "summary": "RHBZ#639925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3569", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3569" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Serialization inconsistencies (6966692)" }, { "cve": "CVE-2010-3571", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642585" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in 2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3571" }, { "category": "external", "summary": "RHBZ#642585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3571", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3571" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3571", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3571" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK unspecified vulnerability in 2D component" }, { "cve": "CVE-2010-3572", "discovery_date": "2010-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642611" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Sound component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3572" }, { "category": "external", "summary": "RHBZ#642611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642611" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3572", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3572" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3572", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3572" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK unspecified vulnerability in Sound component" }, { "cve": "CVE-2010-3573", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642202" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3573" }, { "category": "external", "summary": "RHBZ#642202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3573", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3573" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)" }, { "cve": "CVE-2010-3574", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642215" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3574" }, { "category": "external", "summary": "RHBZ#642215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3574", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3574", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3574" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)" }, { "cve": "CVE-2010-4422", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677971" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4422" }, { "category": "external", "summary": "RHBZ#677971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677971" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4422", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4422" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-4447", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677970" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4447" }, { "category": "external", "summary": "RHBZ#677970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4447" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4447", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4447" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-4448", "discovery_date": "2011-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676023" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves \"DNS cache poisoning by untrusted applets.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK DNS cache poisoning by untrusted applets (6981922)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4448" }, { "category": "external", "summary": "RHBZ#676023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676023" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4448", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4448" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4448", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4448" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK DNS cache poisoning by untrusted applets (6981922)" }, { "cve": "CVE-2010-4452", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677968" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4452" }, { "category": "external", "summary": "RHBZ#677968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4452", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4452" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-4454", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677967" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Sound component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4454" }, { "category": "external", "summary": "RHBZ#677967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4454", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4454" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4454", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4454" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Sound component" }, { "cve": "CVE-2010-4462", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677966" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Sound component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4462" }, { "category": "external", "summary": "RHBZ#677966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677966" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4462", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4462" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Sound component" }, { "cve": "CVE-2010-4463", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677963" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4463" }, { "category": "external", "summary": "RHBZ#677963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677963" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4463", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4463" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4463", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4463" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-4465", "discovery_date": "2011-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "675984" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or \"clipboard access in Applets.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Swing timer-based security manager bypass (6907662)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4465" }, { "category": "external", "summary": "RHBZ#675984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675984" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4465" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Swing timer-based security manager bypass (6907662)" }, { "cve": "CVE-2010-4466", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677961" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4466" }, { "category": "external", "summary": "RHBZ#677961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677961" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4466", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4466" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4466", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4466" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-4467", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677960" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4467" }, { "category": "external", "summary": "RHBZ#677960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677960" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4467", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4467" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4467", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4467" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-4468", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677959" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JDBC component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4468" }, { "category": "external", "summary": "RHBZ#677959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4468", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4468" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4468", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4468" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in JDBC component" }, { "cve": "CVE-2010-4471", "discovery_date": "2010-07-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676019" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Java2D font-related system property leak (6985453)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4471" }, { "category": "external", "summary": "RHBZ#676019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676019" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4471", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4471" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Java2D font-related system property leak (6985453)" }, { "cve": "CVE-2010-4473", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677958" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Sound component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4473" }, { "category": "external", "summary": "RHBZ#677958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4473", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4473" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4473", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4473" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Sound component" }, { "cve": "CVE-2010-4475", "discovery_date": "2011-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "677957" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Deployment component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4475" }, { "category": "external", "summary": "RHBZ#677957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677957" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4475", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4475" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4475", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4475" } ], "release_date": "2011-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in Deployment component" }, { "cve": "CVE-2010-4476", "discovery_date": "2011-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "674336" } ], "notes": [ { "category": "description", "text": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK Double.parseDouble Denial-Of-Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4476" }, { "category": "external", "summary": "RHBZ#674336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=674336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4476", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4476", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4476" } ], "release_date": "2011-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-16T19:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart", "product_ids": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.src", "5Server-Satellite54:java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5.x86_64", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.i386", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.s390x", "5Server-Satellite54:java-1.6.0-ibm-devel-1:1.6.0.9.1-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK Double.parseDouble Denial-Of-Service" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.