All Hot News World. Public world blog, journal online reviewed.

Java File, PacketStorm Security

RSS feed: Java File, PacketStorm Security
Tue, 05 Feb 2019 15:09:54 GMT
Java Files ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Thu, 31 Jan 2019 17:03:15 GMT
Cisco ISE 2.4.0 XSS / Remote Code Execution
Cisco Identity Services Engine (ISE) version 2.4.0 suffers from cross-site scripting and Java deserialization vulnerabilities that, in conjunction, can lead to remote code execution. Full exploit provided.
Tue, 22 Jan 2019 19:39:37 GMT
Ubuntu Security Notice USN-3875-1
Ubuntu Security Notice 3875-1 - It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions.
Tue, 22 Jan 2019 19:38:36 GMT
Red Hat Security Advisory 2019-0136-01
Red Hat Security Advisory 2019-0136-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.2 on Red Hat Enterprise Linux 6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References. Issues addressed include a SAML issue.
Tue, 22 Jan 2019 17:20:22 GMT
Red Hat Security Advisory 2019-0139-01
Red Hat Security Advisory 2019-0139-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a SAML issue.
Tue, 22 Jan 2019 17:14:57 GMT
Red Hat Security Advisory 2019-0131-01
Red Hat Security Advisory 2019-0131-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification vulnerabilities.
Fri, 18 Jan 2019 14:44:44 GMT
Red Hat Security Advisory 2019-0130-01
Red Hat Security Advisory 2019-0130-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 6 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification.
Thu, 20 Dec 2018 18:19:00 GMT
Webmin 1.900 Remote Command Execution
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, the "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belonging to the Webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.
Wed, 19 Dec 2018 04:30:45 GMT
Debian Security Advisory 4357-1
Debian Linux Security Advisory 4357-1 - Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes.
Thu, 06 Dec 2018 02:21:00 GMT
Red Hat Security Advisory 2018-3852-01
Red Hat Security Advisory 2018-3852-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.
Fri, 30 Nov 2018 15:46:36 GMT
Red Hat Security Advisory 2018-3779-01
Red Hat Security Advisory 2018-3779-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
Wed, 28 Nov 2018 18:05:21 GMT
Apache Spark Unauthenticated Command Execution
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious Java class and triggers it.
Mon, 26 Nov 2018 18:32:22 GMT
Ubuntu Security Notice USN-3830-1
Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.
Mon, 26 Nov 2018 16:02:22 GMT
Red Hat Security Advisory 2018-3671-01
Red Hat Security Advisory 2018-3671-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
Fri, 16 Nov 2018 16:52:00 GMT
Red Hat Security Advisory 2018-3672-01
Red Hat Security Advisory 2018-3672-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
Fri, 09 Nov 2018 17:43:35 GMT
Ubuntu Security Notice USN-3824-1
Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.
Fri, 09 Nov 2018 17:43:25 GMT
Red Hat Security Advisory 2018-3533-01
Red Hat Security Advisory 2018-3533-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.
Thu, 08 Nov 2018 22:04:11 GMT
Red Hat Security Advisory 2018-3534-01
Red Hat Security Advisory 2018-3534-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.
Thu, 08 Nov 2018 22:02:16 GMT
Red Hat Security Advisory 2018-3528-01
Red Hat Security Advisory 2018-3528-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a failure to honor strict transport confidentiality.
Thu, 08 Nov 2018 22:01:29 GMT
Red Hat Security Advisory 2018-3529-01
Red Hat Security Advisory 2018-3529-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a failure to honor strict transport confidentiality.
Thu, 08 Nov 2018 22:00:37 GMT
Red Hat Security Advisory 2018-3527-01
Red Hat Security Advisory 2018-3527-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a failure to honor strict transport confidentiality.
Tue, 06 Nov 2018 21:07:57 GMT
Red Hat Security Advisory 2018-3521-01
Red Hat Security Advisory 2018-3521-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include improper field access checks.
Tue, 06 Nov 2018 21:07:50 GMT
Red Hat Security Advisory 2018-3518-01
Red Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
Wed, 31 Oct 2018 01:17:40 GMT
Red Hat Security Advisory 2018-3517-01
Red Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
Wed, 31 Oct 2018 01:14:17 GMT
Red Hat Security Advisory 2018-3409-01
Red Hat Security Advisory 2018-3409-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include improper field access checks.

Ubuntu Security Notice USN-3804-1
Ubuntu Security Notice 3804-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.