Rapid7 Vulnerability & Exploit Database

RHSA-2008:0594: java-1.6.0-sun security update

Back to Search

RHSA-2008:0594: java-1.6.0-sun security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
07/09/2008
Created
07/25/2018
Added
07/16/2008
Modified
07/04/2017

Description

The Java Runtime Environment (JRE) contains the software and tools thatusers need to run applets and applications written using the Javaprogramming language. A vulnerability was found in the Java Management Extensions (JMX)management agent, when local monitoring is enabled. This allowed remoteattackers to perform illegal operations. (CVE-2008-3103)Multiple vulnerabilities with unsigned applets were reported. A remoteattacker could misuse an unsigned applet to connect to localhost servicesrunning on the host running the applet. (CVE-2008-3104)Several vulnerabilities in the Java API for XML Web Services (JAX-WS)client and service implementation were found. A remote attacker who causedmalicious XML to be processed by a trusted or untrusted application wasable access URLs or cause a denial of service. (CVE-2008-3105, CVE-2008-3106)A JRE vulnerability could be triggered by an untrusted application orapplet. A remote attacker could grant an untrusted applet or applicationextended privileges such as being able to read and write local files, orexecute local programs. (CVE-2008-3107)Several vulnerabilities within the JRE scripting support were reported. Aremote attacker could grant an untrusted applet extended privileges such asreading and writing local files, executing local programs, or querying thesensitive data of other applets. (CVE-2008-3109, CVE-2008-3110)A vulnerability in Java Web Start was found. A remote attacker was able tocreate arbitrary files with the permissions of the user running theuntrusted Java Web Start application. (CVE-2008-3112)Another vulnerability in Java Web Start when processing untrustedapplications was reported. An attacker was able to acquire sensitiveinformation, such as the cache location. (CVE-2008-3114)Users of java-1.6.0-sun should upgrade to these updated packages, whichcorrect these issues.

Solution(s)

  • redhat-upgrade-java-1-6-0-sun
  • redhat-upgrade-java-1-6-0-sun-demo
  • redhat-upgrade-java-1-6-0-sun-devel
  • redhat-upgrade-java-1-6-0-sun-jdbc
  • redhat-upgrade-java-1-6-0-sun-plugin
  • redhat-upgrade-java-1-6-0-sun-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;