Java Security Advisories


  1. 0-day exploit for the Apache plugin for Oracle WebLogic
  2. Tomcat exploit published (fixed in 6.0.18)
  3. Fix for vulnerability in Nokia S40 J2ME implementations
  4. Anybody know VundoFix?
  5. JBoss users may be vulnerable to Tomcat issue
  6. Best not use Tomcat's manager application
  7. CVE-2008-3271 - Apache Tomcat information disclosure via RemoteFilterValve
  8. CVE-2008-4008: Apache plugin for Oracle WebLogic Server (formerly BEA WebLogic)
  9. CVE-2008-4541: Heap-based buffer overflow in the FTP subsystem in Sun Java System Web
  10. CVE-2008-4678: IBM WebSphere (WAS) 6.0.2 before 6.0.2.31 remote DoS
  11. CVE-2008-4679: IBM WebSphere revoked X509 certificates in SOAP aren't rejected
  12. CVE-2008-4747: Sun Java System LDAP JDK before 4.20 local information disclosure
  13. CVE-2008-4910: Java web start remote code execution
  14. Openfire Server Multiple Vulnerabilities
  15. CVE-2008-5098: Sun Java System Messaging Server XSS vulnerability
  16. CVE-2008-5114-CVE-2008-5118: Sun Java System Identity Manager multiple vulnerabilities
  17. Tomcat Privilege Escalation on Windows
  18. candidate CVE-2008-5266: (XSS) vulnerability in GlassFish 2 webadmin interface
  19. CVE-2004-2320: still alive at 4 years of age?
  20. iDefense Labs: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability
  21. iDefense Labs: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability
  22. CVE-2008-5411,CVE-2008-5412, CVE-2008-5413, CVE-2008-5414: security patch 7.0.0.1 out
  23. CVE-2008-1232: Cross-site scripting (XSS) vulnerability in Apache Tomcat
  24. advance notice: patches on the 13th for Oracle application servers and more
  25. CVE-2008-5662: Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC
  26. If you have the chance: update to Java 1.6.0_11 or 1.5.0_17
  27. Atlassian JIRA Remote Security Bypass Vulnerability
  28. Reminder: Oracle's critical patches are on-line
  29. Multiple Openfire Vulnerabilities fixed in 3.6.3
  30. CVE-2008-5550: open redirect vulnerability in Sun Java Web Console
  31. CVE-2009-0278: Sun Java System Application Server configuration files exposed via a m
  32. IBM WebSphere Application Server Arbitrary File Information Disclosure Vulnerability
  33. Sun Java System Access Manager Username Enumeration Weakness
  34. SQL injection vulnerability in Oracle Enterprise Manager
  35. WebSphere fixes available for several CVEs
  36. Apple Java update fixes CVE-2008-2086, CVE-2008-5340, CVE-2008-5342 and CVE-2008-5343
  37. Openfire 3.6.3 fixes CVE-2009-0496 and CVE-2009-0497
  38. Cross Site Scripting Vulnerability JOnAS 4.10.3
  39. CVE-2009-0781: Cross-site scripting vulnerability in Tomcat's calendar example
  40. CVE-2009-0027: Fix for XML file disclosure issue in JBoss EAP
  41. More Java vulnerabilities fixed, details to follow
  42. CVE-2009-0439: local privilege escalation in IBM WebSphere MQ
  43. CVE-2009-0609: Sun Java System Directory Proxy Server denial of service
  44. Openfire password change vulnerability
  45. How to stop Java security warning message from popping up?
  46. I Need Help Fixing Some Vulnerabilities on Some Applications?
  47. Apache Archiva Multiple XSS vulnerability
  48. Apache Archiva Multiple CSRF vulnerability
  49. Tabnapping Phishing Proof Of Concept
  50. Sybase EAServer Web Service Remote Installation Vulnerability
  51. CVE-2011-2474 (easerver)
  52. Sybase EAServer Remote Directory Traversal Vulnerability
  53. Oracle HTTP Server Header Cross Site Scripting
  54. CVE-2011-0862 (jre)
  55. CVE-2011-0817 (jre)
  56. CVE-2011-0815 (jre)
  57. CVE-2011-0814 (jre)
  58. CVE-2011-0802 (jre)
  59. CVE-2011-0788 (jre)
  60. CVE-2011-0786 (jre)
  61. CVE-2011-0863 (jre)
  62. CVE-2011-0864 (jre)
  63. CVE-2011-0865 (jre)
  64. CVE-2011-0873 (jre)
  65. CVE-2011-0872 (jre)
  66. CVE-2011-0871 (jre)
  67. CVE-2011-0869 (jre)
  68. CVE-2011-0868 (jre)
  69. CVE-2011-0867 (jre)
  70. CVE-2011-0866 (jre)
  71. IBM WebSphere Application Server Cross Site Request Forgery
  72. Oracle Java Runtime Environment FileDialog.show() Heap Buffer Overflow Vulnerability
  73. Oracle Java Soundbank Heap Buffer Overflow Vulnerability
  74. Oracle Java Soundbank Stack Buffer Overflow
  75. CVE-2011-0786 (jdk, jre)
  76. CVE-2011-0788 (jdk, jre)
  77. CVE-2011-0802 (jdk, jre)
  78. CVE-2011-0814 (jdk, jre)
  79. CVE-2011-0815 (jdk, jre)
  80. CVE-2011-0817 (jdk, jre)
  81. CVE-2011-0862 (jdk, jre)
  82. CVE-2011-0863 (jdk, jre)
  83. CVE-2011-0864 (jdk, jre)
  84. CVE-2011-0865 (jdk, jre)
  85. CVE-2011-0873 (jdk, jre)
  86. CVE-2011-0872 (jdk, jre)
  87. CVE-2011-0871 (jdk, jre)
  88. CVE-2011-0869 (jdk, jre)
  89. CVE-2011-0868 (jdk, jre)
  90. CVE-2011-0867 (jdk, jre)
  91. CVE-2011-0866 (jdk, jre)
  92. CVE-2011-2091 (coldfusion)
  93. CVE-2011-0629 (coldfusion)
  94. CVE-2011-2093 (blazeds, livecycle_data_services)
  95. CVE-2011-2092 (blazeds, livecycle_data_services)
  96. IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability
  97. CVE-2011-2204 (tomcat)
  98. Spring Source OXM 3.0.4 Command Injection
  99. CVE-2011-1224 (websphere_mq)
  100. CVE-2011-1498 (httpclient)
  101. CVE-2011-2526 (tomcat)
  102. Java RMI Server Insecure Default Configuration Java Code Execution
  103. CVE-2011-2754 (web_content_manager, websphere_portal)
  104. CVE-2010-3271 (websphere_application_server)
  105. Oracle Sun GlassFish Enterprise Server 2.1.1 Cross Site Scripting
  106. CVE-2011-1355 (websphere_application_server)
  107. CVE-2011-1356 (websphere_application_server)
  108. CVE-2011-2297 (solaris_cluster)
  109. CVE-2011-2260 (sun_products_suite)
  110. CVE-2011-1511 (sun_products_suite)
  111. CVE-2011-0219 (safari, webkit)
  112. CVE-2011-1484 (jboss_enterprise_application_platform, jboss_enterprise_soa_platform,
  113. CVE-2009-4139 (network_satellite_server, spacewalk-java)
  114. CVE-2011-2196 (jboss_enterprise_application_platform, jboss_enterprise_soa_platform,
  115. Android Browser Cross Application Scripting
  116. Sun/Oracle GlassFish Server Authenticated Code Execution
  117. Sun/Oracle GlassFish Server Authenticated Code Execution
  118. CVE-2011-1357 (websphere_service_registry_and_repository)
  119. TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
  120. CVE-2011-3138 (tivoli_federated_identity_manager, tivoli_federated_identity_manager_b
  121. CVE-2011-2481 (tomcat)
  122. CVE-2011-2729 (tomcat, apache_commons_daemon)
  123. CVE-2011-0527 (tc_server)
  124. ColdFusion probe.cfm Cross Site Scripting
  125. Apache Struts < 2.2.0 Remote Command Execution
  126. Apache Struts < 2.2.0 Remote Command Execution
  127. Apache Wicket XSS vulnerability
  128. CVE-2011-2712 (wicket)
  129. CVE-2011-3190 (tomcat)
  130. Apache Tomcat Authentication bypass and information disclosure
  131. CVE-2011-0311 (java, runtimes_for_java_technology)
  132. CVE-2011-3387 (java)
  133. CVE-2011-1359 (websphere_application_server)
  134. Spring Security Header Injection
  135. CVE-2011-1911 (jasperreports_server_community_project)
  136. CVE-2011-3577 (websphere_commerce)
  137. Adobe ColdFusion 7 Cross Site Scripting
  138. CVE-2011-2894 (springsource_spring_framework, springsource_spring_security)
  139. JBoss addURL Misconfiguration Attack
  140. JBoss, JMX Console, misconfigured DeploymentScanner
  141. Spring Framework and Spring Security serialization-based remoting vulnerabilities
  142. CVE-2000-1247 (jserv)
  143. Daytona JBoss Exploitation Kit
  144. CVE-2011-3559 (communications_server, glassfish_server, java_system_application_serve
  145. CVE-2011-2319 (fusion_middleware)
  146. CVE-2011-2320 (fusion_middleware)
  147. CVE-2011-2255 (fusion_middleware)
  148. CVE-2011-2318 (fusion_middleware)
  149. White paper on remote DNS cache poisoning via port exhaustion (using Java applets)
  150. CVE-2011-3549 (jdk, jre)
  151. CVE-2011-3548 (jdk, jre)
  152. CVE-2011-3547 (jdk, jre)
  153. CVE-2011-3546 (javafx, jdk, jre)
  154. CVE-2011-3545 (jrockit, jdk, jre)
  155. CVE-2011-3544 (jdk, jre)
  156. CVE-2011-3521 (jdk, jre)
  157. CVE-2011-3516 (jdk, jre)
  158. CVE-2011-3550 (jdk, jre)
  159. CVE-2011-3551 (jdk, jre, jrockit)
  160. CVE-2011-3552 (jdk, jre)
  161. CVE-2011-3561 (javafx, jdk, jre)
  162. CVE-2011-3560 (jdk, jre)
  163. CVE-2011-3558 (jdk, jre)
  164. CVE-2011-3557 (jdk, jre, jrockit)
  165. CVE-2011-3556 (jdk, jre, jrockit)
  166. CVE-2011-3555 (jdk, jre)
  167. CVE-2011-3554 (jdk, jre)
  168. CVE-2011-3553 (jdk, jre, jrockit)
  169. CVE-2011-4171 (websphere_ilog_rule_team_server)
  170. CVE-2011-1371 (websphere_ilog_rule_team_server)
  171. CVE-2011-1360 (http_server)
  172. CVE-2010-0780 (websphere_mq)
  173. CVE-2011-1368 (websphere_application_server)
  174. CVE-2009-2747 (websphere_application_server)
  175. CVE-2009-2748 (websphere_application_server)
  176. CVE-2009-0905 (websphere_mq)
  177. CVE-2009-0900 (websphere_mq)
  178. CVE-2011-3376 (tomcat)
  179. Adobe ColdFusion 9 Denial Of Service
  180. CVE-2011-4404 (vcenter_update_manager)
  181. CVE-2011-1378 (websphere_mq)
  182. Java Applet Rhino Script Engine Remote Code Execution
  183. Apache MyFaces 2.0 / 2.1 Information Disclosure
  184. Java Applet Rhino Script Engine Remote Code Execution
  185. Red Hat Security Advisory 2011-1798-01
  186. CVE-2011-2463 (coldfusion)
  187. CVE-2011-4368 (coldfusion)
  188. CVE-2011-4084 (tomcat)
  189. CVE-2011-4461 (jetty)
  190. CVE-2011-5035 (glassfish_server)
  191. CVE-2011-5048 (web_experience_factory)
  192. CVE-2011-4858 (tomcat)
  193. CVE-2011-4905 (activemq)
  194. Apache Struts2 File Overwrite / Command Execution
  195. Oracle GlassFish Server Administration Bypass
  196. CVE-2011-3206 (jboss_operations_network, rhq)
  197. CVE-2012-0391 (struts)
  198. CVE-2012-0392 (struts)
  199. CVE-2012-0393 (struts)
  200. CVE-2011-5057
  201. CVE-2012-0394
  202. CVE-2011-5057 (struts)
  203. CVE-2012-0394 (struts)
  204. CVE-2011-5062 (tomcat)
  205. CVE-2011-5063 (tomcat)
  206. CVE-2011-5064 (tomcat)
  207. CVE-2011-1362 (websphere_application_server)
  208. CVE-2011-1377 (websphere_application_server)
  209. CVE-2011-5066 (websphere_application_server)
  210. CVE-2011-5065 (websphere_application_server)
  211. CVE-2011-1184 (tomcat)
  212. CVE-2011-1377 (websphere_application_server)
  213. CVE-2012-0022 (tomcat)
  214. CVE-2011-3564 (sun_glassfish_enterprise_server)
  215. CVE-2011-3566 (fusion_middleware)
  216. CVE-2012-0077 (fusion_middleware)
  217. CVE-2012-0081 (glassfish_server)
  218. CVE-2012-0104 (glassfish_server)
  219. CVE-2011-3375 (tomcat)
  220. CVE-2011-1376 (websphere_application_server)
  221. CVE-2012-0193 (websphere_application_server)
  222. CVE-2011-4314 (jboss_enterprise_application_platform, kay_framework, openid4java)
  223. CVE-2011-4608 (jboss_enterprise_application_platform)
  224. Cross-site scripting (XSS)
  225. Apache Struts 1.3.10 / 2.0.14 / 2.2.3 Cross Site Scripting