| Sun Alert ID |
CVE Number |
Date released |
Synopsis |
Affected Releases |
Releases containing fix |
| 233327 |
CVE-2008-1196 |
27 March 2008 |
A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR10 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR11 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later
HP Platforms:
See HP site for details
|
| 233326 |
CVE-2008-1195 |
27 March 2008 |
A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections, through Java APIs, to network services on the system that the browser runs on. This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later
HP Platforms:
See HP site for details
|
| 233325 |
CVE-2008-1194 |
27 March 2008 |
Two buffer overflow vulnerabilities may allow an untrusted applet or application to cause the Java Runtime Environment to crash. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
HP Platforms:
See HP site for details
|
| 233325 |
CVE-2008-1194 |
27 March 2008 |
A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
HP Platforms:
See HP site for details
|
| 233325 |
CVE-2008-1193 |
27 March 2008 |
A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
HP Platforms:
See HP site for details
|
| 233324 |
CVE-2008-1192 |
27 March 2008 |
A vulnerability in the Java Plug-in may allow an untrusted applet to bypass the same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later
HP Platforms:
See HP site for details
|
| 233323 |
CVE-2008-1191 |
27 March 2008 |
A vulnerability in Java Web Start may allow an untrusted Java Web Start application to create files on the system that the untrusted application runs on and leverage these files to run local applications with the privileges of the user running the untrusted Java Web Start application. |
IBM Platforms:
6 GA
Sun Platforms:
6 Update 4 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
Sun Platforms:
6 Update 5 and later
HP Platforms:
See HP site for details
|
| 233323 |
CVE-2008-1190 |
27 March 2008 |
A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later
HP Platforms:
See HP site for details
|
| 233323 |
CVE-2008-1189 |
27 March 2008 |
A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later
HP Platforms:
See HP site for details
|
| 233323 |
CVE-2008-1188 |
27 March 2008 |
Two buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. |
IBM Platforms:
6 GA
5.0 SR6 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
HP Platforms:
See HP site for details
|
| 233322 |
CVE-2008-1187 |
27 March 2008 |
A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). |
IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR10 and earlier
Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR11 and later
Sun Platforms:
6 Update 5 or later
5.0 Update 15 or later
1.4.2_17 or later
HP Platforms:
See HP site for details
|
| 231261 |
CVE-2008-0657 |
27 March 2008 |
A vulnerability in the Java Runtime Environment may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. |
IBM Platforms:
5.0 SR6 and earlier
Sun Platforms:
6 Update 1 and earlier
5.0 Update 13 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR7 and later
Sun Platforms:
6 Update 2 and later
5.0 Update 14 and later
HP Platforms:
See HP site for details
|
| 103079 |
CVE-2007-5232 |
5 November 2007
|
A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. |
IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
1.3.1 SR11 and earlier
Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier
1.3.1_20 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later
HP Platforms:
See HP site for details
|
| 103078 |
CVE-2007-5274
CVE-2007-5273
|
5 November 2007 |
A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.
A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. |
IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
1.3.1 SR11 and earlier
Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier
1.3.1_20 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later
HP Platforms:
See HP site for details
|
103073
|
CVE-2007-5236 |
5 November 2007 |
An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. |
IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
Sun Platforms:
5.0 Update 12 and earlier
1.4.2_15 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later
Sun Platforms:
5.0 Update 13 and later
1.4.2_16 and later
HP Platforms:
See HP site for details
|
103073
|
CVE-2007-5238 |
5 November 2007 |
Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. |
IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later
HP Platforms:
See HP site for details
|
103072
|
CVE-2007-5239 |
5 November 2007 |
An untrusted Java Web Start application or Java
applet may move or copy arbitrary files by requesting the
user of the application or applet to drag and drop a file from
the Java Web Start application or Java applet window. |
IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
1.3.1 SR11 and earlier
Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier
1.3.1_20 and earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later
HP Platforms:
See HP site for details
|
103071
|
CVE-2007-5240 |
5 November 2007 |
An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. |
IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later
Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later
HP Platforms:
See HP site for details
|
103024
|
CVE-2007-4381 |
5 November 2007 |
A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. |
IBM Platforms:
5.0 SR5 or earlier
1.4.2 SR9 or earlier
Sun Platforms:
5.0 update 9 or earlier
1.4.2_14 or earlier
Java 6 and 1.3.1 are not affected
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR5a or later
1.4.2 SR10 or later
Sun Platforms:
5.0 update 10 or later
1.4.2_15 or later
HP Platforms:
See HP site for details
|
102997
|
CVE-2007-3698 |
5 November 2007 |
The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. |
IBM Platforms:
JSSE in 1.4.2 SR9 or earlier
JSSE2 is not affected
Sun Platforms:
6 update 1 or earlier
5.0 update 7 through update 11
1.4.2_11 through 1.4.2_14
HP Platforms:
See HP site for details
|
IBM Platforms:
1.4.2 SR10 or later
Sun Platforms:
6 update 2 or later
5.0 update 12 or later
1.4.2_15 or later
HP Platforms:
See HP site for details
|
| 102934 |
CVE-2007-2788
CVE-2007-2789
CVE-2007-3004
CVE-2007-3005 |
9 August 2007
|
A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. |
| Issue 1 |
Issue 2 |
|
IBM Platforms:
5.0 SR5 or earlier
1.4.2 SR8 or earlier
1.3.1 SR10a or earlier
Sun Platforms:
6 GA
5.0 update 10 or earlier
1.4.2_14 or earlier
1.3.1_20 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR5 or earlier
1.4.2 SR8 or earlier
1.3.1 SR10a or earlier
Sun Platforms:
6 GA
5.0 update 10 or earlier
1.4.2_14 or earlier
1.3.1_19 or earlier
HP Platforms:
See HP site for details
|
|
| Issue 1 |
Issue 2 |
|
IBM Platforms:
5.0 SR5a or later
1.4.2 SR9 or later
1.3.1 SR11 or later
Sun Platforms:
6 update 1 or later
5.0 update 11 or later
1.4.2_15 or later
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR5a or later
1.4.2 SR9 or later
1.3.1 SR11 or later
Sun Platforms:
6 update 1 or later
5.0 update 11 or later
1.4.2_15 or later
1.3.1_20 or later
HP Platforms:
See HP site for details
|
|
| 102996 |
CVE-2007-3655 |
9 August 2007
|
A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. |
IBM Platforms:
5.0 SR5 or earlier
Sun Platforms:
6 update 1 or earlier
5.0 update 11 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR5a or later
Sun Platforms:
6 update 2 or later
5.0 update 12 or later
HP Platforms:
See HP site for details
|
| 102995 |
CVE-2007-3922 |
9 August 2007
|
A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. |
IBM Platforms:
1.4.2 SR9 or earlier
5.0 SR5 or earlier
1.3.1 SR10a or earlier
Sun Platforms:
6 update 1 or earlier
5.0 update 11 or earlier
1.4.2_14 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
1.4.2 SR10 or later
5.0 SR5a or later
1.3.1 SR11 or later
Sun Platforms:
6 update 2 or later
5.0 update 12 or later
1.4.2_15 or later
HP Platforms:
See HP site for details
|
| 102957 |
CVE-2007-3504 |
18 July 2007 |
A vulnerability in Java(TM) Web Start allows an untrusted application to grant itself permissions to overwrite the .java.policy file and then invoke applets or Java Web Start applications that can execute arbitrary code with the permissions of the user running the untrusted application. There are no reported attacks based on this vulnerability. |
IBM Platforms:
5.0 SR4 or earlier
1.4.2 SR8 or earlier
Sun Platforms:
5.0 update 11 or earlier
1.4.2_13 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR5 or later
1.4.2 SR9 or later
Sun Platforms:
5.0 update 12 or later
1.4.2_14 or later
HP Platforms:
See HP site for details
|
| 102958 |
CVE-2007-3503 |
12 July 2007 |
A defect in the Javadoc(TM) tool lets it generate HTML documentation pages that may be leveraged in a cross-site scripting attack. For this defect to be exploited, a user has to click a URL that is created by an attacker and that points to a web page with documentation generated by Javadoc. The URL includes JavaScript code that will be executed by the browser when the web page is loaded. The JavaScript code may access information that is stored in the user's cookies from the website that hosts the documentation pages. There are no reported attacks based on this vulnerability. |
IBM Platforms:
5.0 SR4 or earlier
Sun Platforms:
6 GA
5.0 update 11 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR5 or later
Sun Platforms:
6 update 1 or later
5.0 update 12 or later
HP Platforms:
See HP site for details
|
102881
|
CVE-2007-2435 |
5 June 2007 |
A vulnerability in Java(TM) Web Start allows an untrusted application
to elevate its privileges. For example, an application may grant itself
permissions to read and write local files that are accessible
to the user running the Java Web Start application. |
IBM Platforms:
5.0 SR4 or earlier
1.4.2 SR7 or earlier
Sun Platforms:
5.0 update 10 or earlier
1.4.2_13 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR5 or later
1.4.2 SR8 or later
Sun Platforms:
5.0 update 11 or later
1.4.2_14 or later
HP Platforms:
See HP site for details
|
| 102760 |
CVE-2007-0243 |
05 April 2007 |
A buffer overflow vulnerability in the Java(TM) Runtime Environment may allow an untrusted applet
to elevate its privileges. For example, an applet may grant itself permissions to read and write local
files or execute local applications that are accessible to the user running the untrusted applet. |
IBM Platforms:
5.0 SR3 or earlier
1.4.2 SR7 or earlier
1.3.1 SR10a or earlier
Sun Platforms:
5.0 update 9 or earlier
1.4.2_12 or earlier
1.3.1_18 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR4 or later
1.4.2 SR8 or later
1.3.1 SR11 or later
Sun Platforms:
5.0 update 10 or later
1.4.2_13 or later
1.3.1_19 or later
HP Platforms:
See HP site for details
|
| 102732 |
CVE-2006-6737
CVE-2006-6736
|
04 January 2007 |
Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. |
| Issue 1 |
Issue 2 |
|
IBM Platforms:
5.0 GA
1.4.2 SR3 or earlier
1.3.1 SR10 or earlier
Sun Platforms:
5.0 update 5 or earlier
1.4.2_10 or earlier
1.3.1_18 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR2 or earlier
1.4.2 SR7 or earlier
1.3.1 SR10 or earlier
Sun Platforms:
5.0 update 6 or earlier
1.4.2_12 or earlier
1.3.1_18 or earlier
HP Platforms:
See HP site for details
|
|
| Issue 1 |
Issue 2 |
|
IBM Platforms:
5.0 SR1 or later
1.4.2 SR4 or later
1.3.1 SR10a or later
Sun Platforms:
5.0 update 6 or later
1.4.2_11 or later
1.3.1_19 or later
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR3 or later
1.4.2 SR8 or later
1.3.1 SR10a or later
Sun Platforms:
5.0 update 7 or later
1.4.2_13 or later
1.3.1_19 or later
HP Platforms:
See HP site for details
|
|
| 102731 |
CVE-2006-6745 |
04 January 2007 |
Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. |
IBM Platforms:
5.0 SR2 or earlier
1.4.2 SR7 or earlier
1.3.1 is not affected
Sun Platforms:
5.0 update 7 or earlier
1.4.2_12 or earlier
1.3.1 is not affected
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR3 or later
1.4.2 SR8 or later
1.3.1 is not affected
Sun Platforms:
5.0 update 8 or later
1.4.2_13 or later
1.3.1 is not affected
HP Platforms:
See HP site for details
|
| 102729 |
CVE-2006-6731 |
04 January 2007 |
Two buffer overflow vulnerabilities in the Java(TM) Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. |
IBM Platforms:
5.0 SR2 or earlier
1.4.2 SR6 or earlier
1.3.1 SR10 or earlier
Sun Platforms:
5.0 update 7 or earlier
1.4.2_12 or earlier
1.3.1_18 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR3 or later
1.4.2 SR7 or later
1.3.1 SR10a or later
Sun Platforms:
5.0 update 8 or later
1.4.2_13 or later
1.3.1_19 or later
HP Platforms:
See HP site for details
|
| 102622 |
CVE-2006-6009 |
15 November 2006 |
A vulnerability in the Java Runtime Environment may allow an untrusted applet to access data in other applets. |
IBM Platforms:
5.0 SR2 or earlier
1.4.2 and 1.3.1 are not affected
Sun Platforms:
5.0 update 7 or earlier
1.4.2 and 1.3.1 are not affected
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR3 or later
1.4.2 and 1.3.1 are not affected
Sun Platforms:
5.0 update 8 or later
1.4.2 and 1.3.1 are not affected
HP Platforms:
See HP site for details
|
102686
102648 |
CVE-2006-5201 |
12 October 2006 |
An RSA(1) Signature Verification vulnerability allows unauthorized forged certificates to be validated.
This may result in a number of different types of remote exploits. |
IBM Platforms:
5.0 SR2 or earlier
1.4.2 SR6 and earlier
1.3.1 SR10 and earlier
1.3.1s SR26 and earlier
Sun Platforms:
5.0 update 8 or earlier
1.4.2_12 or earlier
1.3.1_19 or earlier
HP Platforms:
See HP site for details
|
IBM Platforms:
5.0 SR3 or later
1.4.2 SR7 or later
1.3.1s SR27 or later
1.3.1 release details TBC, due end of October
Sun Platforms:
5.0 update 9 or later
1.4.2_13 or later
1.3.1_20 or later
HP Platforms:
See HP site for details
|
| 102557 |
CVE-2006-4302 |
25 August 2006 |
The Java Plug-in and Java Web Start both allow applets and applications to specify the version of the
Java Runtime Environment (JRE) to run with. However, the versions of Java Web Start and the Java Plug-in
listed under "Affected Releases" may allow applets or applications to run with a specified version of the
JRE that does not have the latest security fixes. |
Platforms:
AIX, Linux, Windows, Solaris and HP-UX
Releases:
IBM Java Plug-in included with J2SE 5.0 GA/GA-1, 1.4.x, 1.3.x.
Sun Java Plug-in included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1, and 1.3.0_02 and later.
IBM Java Web Start included with J2SE 5.0 GA/GA-1, 1.4.2.
Sun Java Web Start included with J2SE 5.0 Update 5 and earlier, and 1.4.2.
IBM and Sun Java Web Start 1.2, 1.0.2, 1.0.1, and 1.0.
To work around the described issue for the Java Plug-in on the AIX, Linux and Solaris platforms, use
the latest JRE releases available from IBM and remove all symbolic links of earlier versions of Java
Plug-in from the browser "plugins" directory.
HP platforms: HP web site
for details
|
Java Plug-in:
IBM 5.0 SR1 and later for Windows.
Sun 5.0 Update 6 and later for Windows.
Notes:
1. Prior to these releases, an applet could specify the version of the JRE on which it would run. With these
releases and later installed on the Windows platform, all applets are executed with the latest version of the JRE.
2. For AIX, Solaris and Linux, please see the workaround under "Affected Releases".
HP platforms: HP web site
for details
Java Web Start:
IBM 5.0 SR1 and later for Windows, AIX and Linux.
Sun 5.0 Update 6 and later for Windows, Solaris, and Linux.
Note: Prior to these releases, an application could specify the version of the JRE on which it would run. With
these releases and later installed, unsigned Java Web Start applications that specify a version other than
the latest installed will trigger a warning, requiring explicit user permission before the application will
run. Signed Java Web Start applications are not affected.
HP platforms: HP web site
for details
|
| n/a |
n/a |
27 March 2006 |
The IBM JCE certificate used by older versions of IBM JCE will expire on May 18, 2006 at 21:59:19 GMT. |
For
the IBM JDK 1.3.1 and earlier, JCE is not bundled, and the build date
of the JCE Framework jar determines whether that version of JCE is
affected.
Build dates earlier than 040219 are affected. To
determine the build date of your JCE version, inspect the
Implementation-Version in the Manifest.mf in ibmjcefw.jar. If this date
is earlier than 040219, your JCE is affected and must be upgraded.
Further information for WebSphere users
here.
|
The problem does not exist in the IBM JDK 1.4.x and onwards, where JCE is bundled with the JDK.
Build dates of 040219 and later are not affected. The current version of
IBM's JCE 1.2.1 on JIM
is not affected. These versions ignore certificate expiration.
If you have been bundling Sun's JCE 1.2.1 code or
earlier, you can use their JCE
1.2.2 on JIM which is also not affected.
However, all products planning to deploy JCE should use
the IBM implementation.
|
| 102170 |
CVE-2006-0613 |
7 February 2006 |
A vulnerability in Java Web Start may allow an
untrusted application to elevate its privileges. For
example an application may grant itself permissions to
read and write local files that are accessible to the
user running the Java Web Start application. |
IBM platforms:
5.0 GA
Sun platforms:
5.0 Update 5 or earlier
HP platforms: HP web site
for details
The Sunsolve website documents a workaround: disable
Java Web Start applications from being launched from a
web browser.
|
IBM platforms: 5.0 GA-1
and later
Sun platforms: 5.0
Update 6 and later
HP platforms: HP web site
for details
|
| 102171 |
CVE-2006-0617
CVE-2006-0616
CVE-2006-0615
CVE-2006-0614
|
7 February 2006 |
Seven vulnerabilities with the use of
"reflection" APIs in the Java Runtime
Environment may independently allow an untrusted applet
to elevate its privileges. For example an applet may
grant itself permissions to read and write local files or
execute local applications that are accessible to the
user running the untrusted applet. |
IBM platforms:
5.0 GA
1.4.2 SR3 or earlier
1.3.1 SR9 or earlier
zOS: 1.3.1s SR25 or earlier
Sun platforms:
1.4.2_09 or earlier
1.3.1_16 or earlier
5.0 Update 5 or earlier
HP platforms: HP web site
for details
|
IBM platforms: 5.0 GA-1
and later
1.4.2 SR4-1
and later
(not Linux and Windows AMD64/EMT64, zOS 64)
1.4.2 SR4
and later
(Linux and Windows AMD64/EMT64, zOS 64)
1.3.1 SR9-1
and later
zOS: 1.3.1s
SR25-1 and later
Sun platforms:
5.0 Update 6
and later
1.4.2_10 and
later
1.3.1_17 and
later
HP platforms: HP web site
for details
|
| 102017 |
CVE-2005-3904 |
28 November 2005 |
A vulnerability with the Java Management Extensions
(JMX) implementation included with the Java Runtime
Environment (JRE) may allow an untrusted applet to
elevate its privileges. For example an applet may grant
itself permissions to read and write local files or
execute local applications that are accessible to the
user running the untrusted applet. |
IBM platforms: None
Sun platforms:
5.0 Update 3 or earlier
HP platforms: HP web site
for details
|
IBM platforms: 5.0 GA and
later
Sun platforms: 5.0
Update 4 and later
HP platforms: HP web site
for details
|
| 102050 |
CVE-2005-3907 |
28 November 2005 |
A vulnerability in the Java Runtime Environment may
allow an untrusted applet to elevate its privileges. For
example, an applet may grant itself permissions to read
and write local files or execute local applications that
are accessible to the user running the untrusted applet. |
IBM platforms: None
Sun platforms:
5.0 Update 3 or earlier
HP platforms: HP web site
for details
|
IBM platforms: 5.0 GA and
later
Sun platforms: 5.0
Update 4 and later
HP platforms: HP web site
for details
|
| 102003 |
CVE-2005-3906
CVE-2005-3905 |
28 November 2005 |
Three security vulnerabilities with the use of
"reflection" APIs in the Java Runtime
Environment (JRE) may (independently) allow an untrusted
applet to elevate its privileges. For example, an
untrusted applet may grant itself permissions to read and
write local files or execute local applications that are
accessible to the user running the untrusted applet. |
IBM platforms:
1.4.2 SR2 or earlier
1.3.1 SR8 or earlier
Sun platforms:
5.0 Update 3 or earlier
1.4.2_08 or earlier
1.3.1_15 or earlier
HP platforms: HP web site
for details
|
IBM platforms: 5.0 GA and
later
1.4.2 SR3
and later
1.3.1 SR9
and later
Sun platforms:
5.0 Update 4
and later
1.4.2_09
and later
1.3.1_16
and later
HP platforms: HP web site
for details
|