Rapid7 Vulnerability & Exploit Database

RHSA-2008:0245: java-1.6.0-bea security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/06/2008
Created: 07/25/2018
Added: 05/21/2008
Modified: 07/04/2017

Description

The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.6.0_03, and are certified for the Java 6 Platform, Standard Edition, v1.6.0.

The Java XML parsing code processed external entity references even when the "external general entities" property was set to "FALSE". This allowed remote attackers to conduct XML External Entity (XXE) attacks, possibly causing a denial of service, or gaining access to restricted resources. (CVE-2008-0628)

A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187)

A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194)

The vulnerabilities concerning applets listed above can only be triggered in java-1.6.0-bea by calling the "appletviewer" application.

Users of java-1.6.0-bea are advised to upgrade to these updated packages, which resolve these issues.
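For the XXE issue (CVE-2008-0628), a post-upgrade check that the JRE in use really honours the "external general entities" setting can look like the following. This is an added example, not code from the advisory or the vendor; the class name `XxeFeatureCheck` and the marker file are hypothetical, and it assumes Java 7 or later and a JAXP implementation that recognises the Xerces `disallow-doctype-decl` feature.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilderFactory;

public class XxeFeatureCheck {
    static final String GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String NO_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";

    // Returns the root element's text, or null when the parser rejects the document.
    static String rootText(DocumentBuilderFactory factory, String xml) {
        try {
            byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
            return factory.newDocumentBuilder().parse(new ByteArrayInputStream(bytes))
                    .getDocumentElement().getTextContent();
        } catch (Exception e) {
            return null; // e.g. SAXParseException when DOCTYPE is disallowed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a marker file created by this check itself,
        // referenced from a general external entity.
        Path marker = Files.createTempFile("xxe-check", ".txt");
        Files.write(marker, "XXE-MARKER".getBytes(StandardCharsets.UTF_8));
        String xml = "<?xml version=\"1.0\"?><!DOCTYPE r [<!ENTITY e SYSTEM \""
                + marker.toUri() + "\">]><r>&e;</r>";

        // Configuration 1: only the property the advisory says was ignored.
        DocumentBuilderFactory flagOnly = DocumentBuilderFactory.newInstance();
        flagOnly.setFeature(GENERAL, false);

        // Configuration 2: defense in depth, reject any DOCTYPE as well.
        DocumentBuilderFactory noDoctype = DocumentBuilderFactory.newInstance();
        noDoctype.setFeature(GENERAL, false);
        noDoctype.setFeature(NO_DOCTYPE, true);

        String a = rootText(flagOnly, xml);
        String b = rootText(noDoctype, xml);
        Files.deleteIfExists(marker);

        // If the marker text shows up, the parser resolved the entity anyway.
        boolean leakedA = a != null && a.contains("XXE-MARKER");
        boolean leakedB = b != null && b.contains("XXE-MARKER");
        System.out.println("flag only:          " + (leakedA ? "ENTITY RESOLVED" : "ok"));
        System.out.println("doctype disallowed: " + (leakedB ? "ENTITY RESOLVED" : "ok"));
        if (leakedA || leakedB) System.exit(1);
    }
}
```

A non-zero exit status means the parser expanded the external entity despite the configuration, which is the behaviour described for CVE-2008-0628.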

Solution(s)

  • redhat-upgrade-java-1-6-0-bea
  • redhat-upgrade-java-1-6-0-bea-demo
  • redhat-upgrade-java-1-6-0-bea-devel
  • redhat-upgrade-java-1-6-0-bea-jdbc
  • redhat-upgrade-java-1-6-0-bea-missioncontrol
  • redhat-upgrade-java-1-6-0-bea-src
