Rapid7 Vulnerability & Exploit Database

Amazon Linux AMI: CVE-2022-34169: Security patch for java-1.7.0-openjdk ((Multiple Advisories))

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Amazon Linux AMI: CVE-2022-34169: Security patch for java-1.7.0-openjdk ((Multiple Advisories))

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

07/19/2022

Created

08/29/2022

Added

08/24/2022

Modified

09/13/2022

Description

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Solution(s)

amazon-linux-upgrade-java-1-7-0-openjdk
amazon-linux-upgrade-java-1-8-0-openjdk

References

ALAS-2022-1633
CVE-2022-34169
USN-5546-1
USN-5546-2

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Amazon Linux AMI: CVE-2022-34169: Security patch for java-1.7.0-openjdk ((Multiple Advisories))

Amazon Linux AMI: CVE-2022-34169: Security patch for java-1.7.0-openjdk ((Multiple Advisories))

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.